Hi,
I am having the problem that adding a second signature to a .jar file causes trouble in combination with code that only has one of them.
Background: We have an application that is signed with an expired certificate. It has a starter that can update itself by downloading new versions of .jar files and placing them in front of the existing ones onto the classpath.
We got a new certificate and sign the new starter and the updates with both keys. Unfortunately the old applications is now refusing to startup:
- the starter (signed with the old cert) builds up the classpath.
- then it calls a method from a class ("Stendhal") jar that is signed with both certs
- this method loads a class ("LogUncaughtExceptionHandler") from a jar which is only signed with the old cert.
SecurityException: class "games.stendhal.client.LogUncaughtExceptionHandler"'s signer information does not match signer information of other classes in the same package