已签名的JAR被Java Security阻止
我绞尽脑汁为什么当我使用以前使用的代码签名证书签署我的JAR时,我仍然得到一个Java安全应用程序阻止对话框,该对话框规定我的应用程序是自签名的:< / p>
然而,当我从我没有用来签署应用程序的机器运行jarsigner verify命令时(用Acme替换实际的公司名称以匿名):
jarsigner -verify -certs -verbose RegistrySafeLauncher.jar
s 821 Wed Oct 21 09:25:42 BST 2015 META-INF/MANIFEST.MF
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
561 Wed Oct 21 09:25:42 BST 2015 META-INF/MYKEY.SF
5345 Wed Oct 21 09:25:42 BST 2015 META-INF/MYKEY.RSA
0 Wed Oct 21 09:25:44 BST 2015 META-INF/
0 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/
sm 1067 Wed Oct 21 09:25:42 BST 2015 META-INF/INDEX.LIST
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
sm 1441 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/RegistrySafeLauncher$1.class
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
sm 1765 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/RegistrySafeLauncher.class
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2016-11-04) or after any future revocation date.
构建的JAR中的清单文件如下所示:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.9.4
X-COMMENT: Main-Class will be added automatically by build
Application-Library-Allowable-Codebase: *.acme.net http://localhost*
Application-Name: RegistrySafeLauncher
Class-Path: lib/jna-4.2.0.jar lib/jna-platform-4.2.0.jar
Permissions: all-permissions
Created-By: 1.7.0_80-b15 (Oracle Corporation)
Caller-Allowable-Codebase: *.acme.net http://localhost*
Main-Class: registrysafelauncher.RegistrySafeLauncher
Codebase: *
Name: registrysafelauncher/RegistrySafeLauncher.class
SHA-256-Digest: lA2UH1iNCFqmNeXTlD/5Gik+DGfkA64F34T3i6ArSEM=
Name: registrysafelauncher/RegistrySafeLauncher$1.class
SHA-256-Digest: kNyCx9f9FwWHAV/Mf4D+9KIJJfFHdcrTUNnEdiXwWmw=
Name: META-INF/INDEX.LIST
SHA-256-Digest: 7A/Nhqqvf7wBQNaAj0actnzwuWocUJv6R8/+QZyURmw=
我错过了什么?我在清单文件中遗漏了什么,或者在我正在建立的机器上没有指向CA(VeriSign)的链接?
******后来更新:******
在使用我的jnlp文件后,看起来像这样:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<jnlp codebase="http://localhost/jnlptestcaller" href="launch.aspx" spec="1.0+">
<information>
<title>RegistrySafeLauncher</title>
<vendor>Acme Software, Inc.</vendor>
<homepage href=""/>
<description>RegistrySafeLauncher</description>
<description kind="short">RegistrySafeLauncher</description>
</information>
<update check="background"/>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.7+"/>
<jar href="RegistrySafeLauncher.jar" main="true"/>
<jar href="lib/jna-4.2.0.jar"/>
<jar href="lib/jna-platform-4.2.0.jar"/>
</resources>
<application-desc main-class="registrysafelauncher.RegistrySafeLauncher">
<argument>JavaAgent.jnlp.aspx</argument>
</application-desc>
</jnlp>
我现在得到一个略有不同的安全警告:
我怎样摆脱这个警告?
2 个答案:
答案 0 :(得分:1)
As of Java 7 update 51 self-signed certificates will be blocked
正如链接页面所讨论的那样,“正确实施安全实践”有许多资源:
虽然这不是一般解决方案(因为您不应指望用户这样做),但需要快速修复:
您可以使用“例外站点”列表功能来运行安全设置阻止的应用程序。 Adding the URL of the blocked application to the Exception Site list允许它运行一些警告。
答案 1 :(得分:0)
事实证明我的证书很好。 Java对localhost表现不佳,所以我把一个主机文件条目放入localtest指向localhost,并且它从localtest运行它(也可以使用我的IP)。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?