Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / February 2006

Tip: Looking for answers? Try searching our database.

signing 3rd party jars problem

Thread view: 
Enable EMail AlertsStart New Thread
C P - 24 Feb 2006 20:25 GMT
Hello
I have an applet that compiles and runs fine. The 3rd party jars successfully
updated the applet jar, but the problem is signing. When I try to sign it I
get the following:

Signing JAR: F:\Projects\applets\applets\dist\applets.jar

 updating: META-INF/MANIFEST.MF

  adding: META-INF/MYSELF.SF

  adding: META-INF/MYSELF.DSA

jarsigner: unable to sign jar: java.util.zip.ZipException: duplicate entry:
META-INF/JCESIGN.DSA

Two of the 3rd party jars are signed. Does that make any difference? I ***-
umed not as the classes and the manifest should all be added and I should be
able to sign over all them. This is the first time really packaging and
signing for any help appreciated.
Reply to this Message
Dieter Schicker - 24 Feb 2006 21:00 GMT
I would delete the manifest entries from the 3rd party jars and then
sign them with my own keystore.

Didi

> Hello
> I have an applet that compiles and runs fine. The 3rd party jars successfully
[quoted text clipped - 16 lines]
> able to sign over all them. This is the first time really packaging and
> signing for any help appreciated.
Reply to this Message
C P - 25 Feb 2006 21:35 GMT
Thanks Didi
I thought the manifest was necesary for the signature to be valid, but if it
is computed I can see how there needs to be only one.  My concern is if the
final signed jar with my signature will work in a java webstart environment.
Well here goes.

>I would delete the manifest entries from the 3rd party jars and then
>sign them with my own keystore.
[quoted text clipped - 6 lines]
>> able to sign over all them. This is the first time really packaging and
>> signing for any help appreciated.
Reply to this Message
Dieter Schicker - 25 Feb 2006 21:38 GMT
We have ~10 java webstart applications here that where packaged that way
and they work fine.

Cheers
Didi

> Thanks Didi
> I thought the manifest was necesary for the signature to be valid, but if it
[quoted text clipped - 12 lines]
>>> able to sign over all them. This is the first time really packaging and
>>> signing for any help appreciated.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.