Java Web Start的(JWS)表示,由於jar文件是無符號它無法啓動我的應用程序:爲什麼Java Web Start說簽名的jar文件是未簽名的?
Error: Unsigned application requesting unrestricted access to system
Unsigned resource: .../dynaccn.jar
但jar文件是簽署:
$ jarsigner -keystore ... dynaccn.jar idv
$ jar tf dynaccn.jar
META-INF/MANIFEST.MF
META-INF/IDV.SF
META-INF/IDV.RSA
META-INF/
edu/
edu/ucar/
edu/ucar/unidata/
edu/ucar/unidata/dynaccn/
App$1.class
...
$ jarsigner -verbose -certs -verify dynaccn.jar
28325 Tue Aug 17 09:41:58 MDT 2010 META-INF/MANIFEST.MF
28404 Tue Aug 17 09:41:58 MDT 2010 META-INF/IDV.SF
2880 Tue Aug 17 09:41:58 MDT 2010 META-INF/IDV.RSA
0 Tue Aug 17 09:41:58 MDT 2010 META-INF/
0 Mon Aug 16 10:10:34 MDT 2010 edu/
0 Mon Aug 16 10:10:34 MDT 2010 edu/ucar/
0 Mon Aug 16 10:10:34 MDT 2010 edu/ucar/unidata/
0 Mon Aug 16 10:10:34 MDT 2010 edu/ucar/unidata/dynaccn/
...
sm 486 Mon Aug 16 10:10:34 MDT 2010 App$1.class
X.509, CN=University Corporation for Atmospheric Research, OU=UNIDATA, O=University Corporation for Atmospheric Research, L=Boulder, ST=Colorado, C=US
[certificate will expire on 2/6/11 4:59 PM]
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
[certificate is valid from 8/5/03 6:00 PM to 8/5/13 5:59 PM]
[KeyUsage extension does not support code signing]
X.509, [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 7/31/96 6:00 PM to 12/31/20 4:59 PM]
[CertPath not validated: null]
...
jar verified.
Warning:
This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.
This jar contains entries whose signer certificate will expire within six months.
This jar contains entries whose certificate chain is not validated.
This jar contains signed entries that's not signed by alias in this keystore.
和兩個JWS並且我的瀏覽器擁有「Thawte Premium Server CA」的證書。
即使JWS緩存和瀏覽器下載區爲空,也會出現此問題。
我不相信「KeyUsage」消息是相關的,因爲1)相同的證書鏈用於其他成功啓動的應用程序;和2)我讀過的文檔表明,Thawte代碼簽名CA僅用於驗證UNIDATA證書而不是簽署代碼。
我的環境是Linux 2.6.27.41-170.2.117.fc10.x86_64,Firefox 3.6.8(i686)和Java 1.7.0-ea。
爲什麼不啓動此應用程序?
更新:如果JNLP文件中的「codebase」屬性引用了本地目錄,但沒有引用位於用戶身份驗證後面的URL,我發現應用程序將啓動。在後一種情況下,如果從命令行調用,javaws(1)將認證網頁解釋爲JNLP文件(具有明顯的結果)。如果由用戶認證網頁中的「deployJava」腳本調用(以便瀏覽器具有會話cookie),則javaws(1)表示該應用程序未被簽名。我發現這兩種失敗模式都很奇怪,因爲javaws(1)文檔說明它理解用戶認證網頁並且jar文件已簽名。
你如何簽署你的jar文件? 我在使用lazy屬性設置爲true的ant中的signjar任務時遇到過這些問題。刪除'lazy = true'屬性幾乎使問題消失。 – Pram 2010-08-17 18:51:35
@Pram我使用這個ant(1)條目: 。不使用「懶惰」屬性。 –
2010-08-17 19:29:43