What are the security implications for hosting signed jars on the internet? As I understand jar signing, once a user choose to auto-accept a certificate, it doesn't matter if the signed jar came from your domain, linked from another domain or hosted on another domain. For example, Sun uses this method to give applets OpenGL support, by ...
In Netbeans (I have the 6.5 version), in the project properties under Application> Webstart there is a self-signed checkbox. What is its meaning? When I need to use it? ...
This is some of the stack trace for the exception : com.sun.deploy.net.JARSigningException: Could not verify signing in resource: .jar at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source) at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source) We ourselves are signing all the jars referred in...
I am trying to sign a jar file using an ANT script. I know this has to be pointed at the JDK directory for jarsigner.exe to run, but when I echo java.home it returns the JRE directory. This isnt a problem for javac because I can set the executeable path, but that does not exist for signjar. How do I change the java.home path? When I ...
I am using bouncy castle provider for AES encryption. I need to create a fat jar from bc and my jar but as soon as i do it i get Algorithm not found exception. Is it possible to get rid of the sign and create regular jar out of it? My build process is.. i unzip all jars in to my build directory. then remove META-INF directory compile ...
I have a zip file containing a number of jar files that is being downloaded from an HTTPS site. The jars form a command line driven, server side application. I have a Java written application installer that does some checks to verify that the jars are signed using a particular trusted digital certificate and have not been modified durin...
Hello, We have some legacy JAR files from a vendor that were previously distributed as an applet, but we'd now like to simplify as a web service. While the code works when I run it natively within my Eclipse IDE, it fails when I attempt to call it from a web service client after exporting it as a WAR and deploying it on JBoss (5.0.1). ...
I made a weird applet which allows you to paint with your voice. Obviously it requires access to the microphone, but Java applets are not allowed access unless they are signed. As far as I can tell its difficult and involves cryptography, and, though its not clear, I think that I'm expected to pay MONEY to Verisign as well. This all seem...
Hi Can someone show me how pom file should look like to create a jar file with applet which depends from some other jars is it possible to have one jar as applet, and how to sign it? ...
Hi, I'm working on a Java Applet, which must run in an offline and standalone XULRunner (web browser) application. What happens: everything works perfectly, but the first time the applet is loaded, the user need to give access rights to the applet, because it "cannot be verified", with a dialog box. The problem: Since the user ran th...
We have signed a JAR file using a certificate generated by MS Active Directory Certificate Services. However, when accessing it via Java Web Start we are getting the prompt that the digital signature cannot be verified even though we've installed the root CA into the certificate store on the client machine. Now trying to look at the ro...
Hi, I want to know if Netbeans has some option/ setting that will allow me to automatically sign a jar as part of the build. Thank you! ...
Hi, I am having the problem that adding a second signature to a .jar file causes trouble in combination with code that only has one of them. Background: We have an application that is signed with an expired certificate. It has a starter that can update itself by downloading new versions of .jar files and placing them in front of the e...
I have open sourced several of my projects and have published artifacts on sonatype.org. Is it important to sign your artifacts, does JBoss and other open source publishers sign their code? ...
I signed my JWS application MemorizEasy with a key whose alias is: memofile.reference.emma.jar=/Users/simpatico/.netbeans/6.8/modules/ext/emma.jar I don't remember why I chose such a long alias. I suspect it was memo only, but in my project settings I have: jnlp.signjar.alias=memofile.reference.emma.jar=/Users/simpatico/.netbeans/6.8/mo...
Warning: The signer certificate has expired. I get the following when I try to sign with jarsigner, and the output jar doesn't get generated. How do I renew my jar signature? ...
Java Web Start (JWS) says that it can't launch my application because the jar file is unsigned: Error: Unsigned application requesting unrestricted access to system Unsigned resource: .../dynaccn.jar But the jar file is signed: $ jarsigner -keystore ... dynaccn.jar idv $ jar tf dynaccn.jar META-INF/MANIFEST.MF META-INF/IDV.SF ...
SO I am testing a Rest OAuth implementation. My testing tool will send the HTTP Request, but I need to prepare the Authorization header. What I need: I want a valid Authorization Header What I have: All the headers except the oauth_signature I also have the 2 secrets, the token_secret and the consumer_secret. I also posses the access_...