那些遇到过的问题

已签名的JAR被Java Security阻止

lil*_*ien 6 java security blocked sign

当我使用以前使用的代码签名证书签署我的JAR时,为什么当我使用Java安全应用程序阻止对话框来规定我的应用程序是自签名的时候,我绞尽脑汁想知道为什么:

在此输入图像描述

但是,当我从我没有用来签署应用程序的机器运行jarsigner verify命令时(用Acme替换实际公司名称以匿名):

jarsigner -verify -certs -verbose RegistrySafeLauncher.jar


s        821 Wed Oct 21 09:25:42 BST 2015 META-INF/MANIFEST.MF

      X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
      [certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
      X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
      X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
      X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
      [certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]

         561 Wed Oct 21 09:25:42 BST 2015 META-INF/MYKEY.SF
        5345 Wed Oct 21 09:25:42 BST 2015 META-INF/MYKEY.RSA
           0 Wed Oct 21 09:25:44 BST 2015 META-INF/
           0 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/
sm      1067 Wed Oct 21 09:25:42 BST 2015 META-INF/INDEX.LIST

      X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
      [certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
      X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
      X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
      X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
      [certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]

sm      1441 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/RegistrySafeLauncher$1.class

      X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
      [certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
      X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
      X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
      X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
      [certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]

sm      1765 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/RegistrySafeLauncher.class

      X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
      [certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
      X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
      X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      [certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
      X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
      [certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]


  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning: 
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2016-11-04) or after any future revocation date.
Run Code Online (Sandbox Code Playgroud)

并且构建的JAR中的清单文件如下所示:

Manifest-Version: 1.0
Ant-Version: Apache Ant 1.9.4
X-COMMENT: Main-Class will be added automatically by build
Application-Library-Allowable-Codebase: *.acme.net http://localhost*
Application-Name: RegistrySafeLauncher
Class-Path: lib/jna-4.2.0.jar lib/jna-platform-4.2.0.jar
Permissions: all-permissions
Created-By: 1.7.0_80-b15 (Oracle Corporation)
Caller-Allowable-Codebase: *.acme.net http://localhost*
Main-Class: registrysafelauncher.RegistrySafeLauncher
Codebase: *

Name: registrysafelauncher/RegistrySafeLauncher.class
SHA-256-Digest: lA2UH1iNCFqmNeXTlD/5Gik+DGfkA64F34T3i6ArSEM=

Name: registrysafelauncher/RegistrySafeLauncher$1.class
SHA-256-Digest: kNyCx9f9FwWHAV/Mf4D+9KIJJfFHdcrTUNnEdiXwWmw=

Name: META-INF/INDEX.LIST
SHA-256-Digest: 7A/Nhqqvf7wBQNaAj0actnzwuWocUJv6R8/+QZyURmw=
Run Code Online (Sandbox Code Playgroud)

我错过了什么?我在清单文件中遗漏了什么,或者我正在建立的机器上的CA(VeriSign)链接不正确?

******后来更新:******

在使用我的jnlp文件后,它看起来像这样:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<jnlp codebase="http://localhost/jnlptestcaller" href="launch.aspx" spec="1.0+">
    <information>
        <title>RegistrySafeLauncher</title>
        <vendor>Acme Software, Inc.</vendor>
        <homepage href=""/>
        <description>RegistrySafeLauncher</description>
        <description kind="short">RegistrySafeLauncher</description>
    </information>
    <update check="background"/>
    <security>
<all-permissions/>
</security>
    <resources>
        <j2se version="1.7+"/>
        <jar href="RegistrySafeLauncher.jar" main="true"/>
        <jar href="lib/jna-4.2.0.jar"/>
        <jar href="lib/jna-platform-4.2.0.jar"/>
    </resources>
    <application-desc main-class="registrysafelauncher.RegistrySafeLauncher">
        <argument>JavaAgent.jnlp.aspx</argument>
    </application-desc>
</jnlp>
Run Code Online (Sandbox Code Playgroud)

我现在得到这个略有不同的安全警告:

Java安全性被阻止

我怎么能摆脱这个警告?

lil*_*ien 1

事实证明我的证书没问题。Java 在 localhost 上表现不佳,因此我放入一个主机文件条目以将 localtest 指向 localhost,并且它可以从 localtest 运行它(也可以使用我的 IP)。

归档时间:

查看次数:

1406 次

最近记录:

9 年,9 月 前
相关归档
运行Maven项目的主要类 254
来自匿名内部类的外部类的关键字 198
使用JDBC连接到postgres时是否可以指定模式? 135
允许"Enter"键按下提交按钮,而不是仅使用MouseClick 43
Linux中的沙盒 16
是否有唯一的计算机标识符,即使在虚拟机中也可以可靠地使用? 12
ADOdb中的SQL注入和一般网站安全性 10
保持用户匿名 - 仅限安全数据库选项 - 一般想法? 6
如何确保用户提供的 url 不是本地路径? 5
如何授予移动应用程序访问我的 api 的权限? 1
难疑归档
如何使用JavaScript漂亮地打印JSON? 2222
使用JavaScript在新选项卡(而不是新窗口)中打开URL 1941
Make .gitignore会忽略除少数文件之外的所有内容 1531
你什么时候应该使用escape而不是encodeURI/encodeURIComponent? 1371
varchar和nvarchar有什么区别? 1300
在HTML中显示哪些字符可用于上/下三角(没有词干的箭头)? 1212
如何在Bash中将字符串转换为小写? 1158
在Ruby on Rails中对nil v.空v.空白的简要解释 1098
使用node.js作为简单的Web服务器 1068
如何测量函数执行所花费的时间 1057