How do I force jarsign to sign jarfiles?

ski*_*ppy 4 java jar jarsigner

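Our product is stuck on Java version 1.5.0_13 and we would like to upgrade. Our software deploys a large number of jars via Java Web Start; all of these jars must be signed. However, several of the jars contain no class files, and starting with Java 1.5.0_14 the jarsign utility appears to choose not to sign any jar that contains no class files.

What can I do to force jarsign to sign these jars? Or what can I do to distribute these jars via Java Web Start without signing them? Is the change in version 1.5.0_14 and later documented anywhere? I can't find it in the release notes.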

Vin*_*jip 9

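I can't confirm that there is any problem. Could you take a look and see what might be different in your environment? I'm running on Windows 7 RC.

Let's look at the version: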

C:\temp>java -version
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)

Let's see what will go into our jar:

C:\temp>dir /s /b com
C:\temp\com\rdc
C:\temp\com\rdc\test
C:\temp\com\rdc\test\logging.properties

Let's make a jar:

C:\temp>jar -cfv test-source.jar com/*
added manifest
adding: com/rdc/(in = 0) (out= 0)(stored 0%)
adding: com/rdc/test/(in = 0) (out= 0)(stored 0%)
adding: com/rdc/test/logging.properties(in = 13) (out= 15)(deflated -15%)

Let's sign the jar; I'm using a self-signed certificate.

C:\temp>jarsigner -signedjar test-dest.jar test-source.jar vinay
Enter Passphrase for keystore:

Warning: The signer certificate will expire within six months.

Let's see what's in our signed jar:

C:\temp>jar tvf test-dest.jar
   155 Wed Jul 15 23:39:12 BST 2009 META-INF/MANIFEST.MF
   276 Wed Jul 15 23:39:12 BST 2009 META-INF/VINAY.SF
  1130 Wed Jul 15 23:39:12 BST 2009 META-INF/VINAY.DSA
     0 Wed Jul 15 23:37:18 BST 2009 META-INF/
     0 Wed Jul 15 19:44:44 BST 2009 com/rdc/
     0 Wed Jul 15 19:44:58 BST 2009 com/rdc/test/
    13 Wed Jul 15 23:37:10 BST 2009 com/rdc/test/logging.properties

Well, it certainly seems to have been signed, and there are no classes. Let's look at the contents of MANIFEST.MF:

Manifest-Version: 1.0
Created-By: 1.5.0_14 (Sun Microsystems Inc.)

Name: com/rdc/test/logging.properties
SHA1-Digest: Ob/S+a7TLh+akYGEFIDugM12S88=

And the contents of VINAY.SF:

Signature-Version: 1.0
Created-By: 1.5.0_14 (Sun Microsystems Inc.)
SHA1-Digest-Manifest-Main-Attributes: 4bEkze9MHmgfBoY+fnoS1V9bRPs=
SHA1-Digest-Manifest: YB8QKIAQPjEYh8PkuGA5G8pW3tw=

Name: com/rdc/test/logging.properties
SHA1-Digest: qXCyrUvUALII7SBNEq4R7G8lVQQ=

Now, let's verify the jar:

C:\temp>jarsigner -verify -verbose test-dest.jar

         155 Wed Jul 15 23:51:34 BST 2009 META-INF/MANIFEST.MF
         276 Wed Jul 15 23:51:34 BST 2009 META-INF/VINAY.SF
        1131 Wed Jul 15 23:51:34 BST 2009 META-INF/VINAY.DSA
           0 Wed Jul 15 23:37:18 BST 2009 META-INF/
           0 Wed Jul 15 19:44:44 BST 2009 com/rdc/
           0 Wed Jul 15 19:44:58 BST 2009 com/rdc/test/
smk       13 Wed Jul 15 23:37:10 BST 2009 com/rdc/test/logging.properties

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning: This jar contains entries whose signer certificate will expire within
six months. Re-run with the -verbose and -certs options for more details.

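On the face of it, everything seems to be in order. Can you check whether your certificate has expired or been revoked? Are you using a self-signed certificate or a real one? Or have I misunderstood what your problem is?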
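
Added example, not part of the answer above: a Python check that every file entry in a jar, class or not, has a per-entry `*-Digest` line in MANIFEST.MF that matches its bytes, which is the coverage the MANIFEST.MF listing above shows for logging.properties. The function names and the in-memory sample jar are constructed for illustration; the check covers manifest digests only, not the signature over the .SF file or the certificate, which `jarsigner -verify` handles.

```python
import base64, hashlib, io, zipfile

SIG_SUFFIXES = (".SF", ".DSA", ".RSA", ".EC")  # signature files, never listed

def parse_manifest(data):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    data = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    text = data.replace(b"\n ", b"").decode("utf-8")  # undo line continuations
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in section.split("\n") if ": " in ln)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def b64digest(alg, data):
    # "SHA1" -> sha1, "SHA-256" -> sha256 (names as used in *-Digest attributes)
    return base64.b64encode(hashlib.new(alg.replace("-", "").lower(), data).digest()).decode()

def check_jar(jar):
    """Map every file entry to 'ok', 'mismatch' or 'unlisted'."""
    result = {}
    with zipfile.ZipFile(jar) as zf:
        listed = parse_manifest(zf.read("META-INF/MANIFEST.MF"))
        for name in zf.namelist():
            meta = name.startswith("META-INF/") and name.count("/") == 1
            if name.endswith("/") or (meta and name.upper().endswith(("MANIFEST.MF",) + SIG_SUFFIXES)):
                continue  # directories and signature files carry no digest
            want = {k[:-7]: v for k, v in listed.get(name, {}).items() if k.endswith("-Digest")}
            if not want:
                result[name] = "unlisted"  # not covered by the manifest
            else:
                data = zf.read(name)
                good = all(b64digest(a, data) == v for a, v in want.items())
                result[name] = "ok" if good else "mismatch"
    return result

def build_sample():
    """Constructed jar, no classes: one intact, one altered, one unlisted entry."""
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                "Name: com/rdc/test/logging.properties\r\n"
                "SHA1-Digest: %s\r\n\r\n"
                "Name: com/rdc/test/other.properties\r\n"
                "SHA1-Digest: %s\r\n\r\n") % (b64digest("SHA1", b"handlers=none"), b64digest("SHA1", b"a=1"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("com/rdc/test/logging.properties", b"handlers=none")
        zf.writestr("com/rdc/test/other.properties", b"a=2")  # altered after digest
        zf.writestr("com/rdc/test/extra.properties", b"b=1")  # never listed
    return buf
```

`check_jar` also accepts a path to a jar on disk, so it can be run against the jars that Java Web Start reports as unsigned to see which entries the manifest does not cover.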