tags:

views:

142

answers:

2
Q: 

How to test the code signing of a JAR file on a client machine?

We have signed a JAR file using a certificate generated by MS Active Directory Certificate Services. However, when accessing it via Java Web Start we are getting the prompt that the digital signature cannot be verified even though we've installed the root CA into the certificate store on the client machine.

Now trying to look at the root CA on the client machine, using "keytool -list", I'm seeing an exception (invalid URI:file://\my_msadcs_server\path\to\CRL.crl). So now I'm not sure exactly what is going wrong.

Anyone have a suggestion or sample Java code on how I can test the downloaded JAR file's signature on the client machine in an attempt to figure out exactly why JWS is complaining? It could be that the root CA certificate has a problem (and I will chase down that avenue when my AD admin gets in) but I'd like to rule out other possibilities first. Currently the only thing I have to go on is the exception from "keytool -list", but keytool had no issues importing the root CA certificate in the first place.

Thanks in advance!,

mG.

A: 

I think the invalid URI message is a clue. Java file URI takes the following form: file://host/path

Greg  2010-01-29 15:30:36
Yes, but I want to verify that. Rather than going and having our AD admin muck around with configuration (that works fine for everything else we've tried...this is the only signed JAR app we've done), I'd like to come to him with more than the details I have above.As I said, keytool imported the cert without complaint. So his question back to me will be: what proof do I have that the cert he gave me is the source of the problem?
mobiGeek  2010-01-29 15:41:24
By the way, this "not a bug" entry looks like others have had similar issues. http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6304269I'm not saying this is a Java bug, but I'm trying to come up with evidence to my AD admin that changes on his side are required (and justification for the particular changes).
mobiGeek  2010-01-29 15:50:36
A: 

I use jarsigner with the -verify, -verbose and -certs options. You may have to specify your -keystore, too.

trashgod  2010-01-29 22:09:18

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java