Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #21329

Re: really odd problem with jar signing

From Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at>
Newsgroups comp.lang.java.programmer
Subject Re: really odd problem with jar signing
Date 2013-01-11 17:39 +0000
Organization A noiseless patient Spider
Message-ID <slrnkf0jj6.u9l.avl@gamma.logic.tuwien.ac.at> (permalink)
References <slrnkf05e3.u9l.avl@gamma.logic.tuwien.ac.at> <a3g0f8luf86p0so7vuunt9a8lhniqisgvm@4ax.com>

Show all headers | View raw

Roedy Green <see_website@mindprod.com.invalid> wrote:
> On Fri, 11 Jan 2013 13:38:11 +0000 (UTC), Andreas Leitgeb
> <avl@gamma.logic.tuwien.ac.at> wrote:
>> When signing a particular JAR file with jarsigner *one* of the 
>> enclosed .class files does *not* get signed !
> What is the name of the file?  / vs \, some odd char in name?

Double checked this again. It has forward slashes, and no bogus
characters in the name.  I examined a hexdump of the JAR-file to
verify that.

> It is the file itself a valid class file. Try JarCheck  see
> http://mindprod.com/products1.html#JARCHECK

I verified correctness of the .class file with some tool that
we have here for that task, and the file was ok.

> Could you post the unsigned jar for us to experiment with?

Not that one, unfortunately.  As I'm analyzing this, I'll see 
if I find this symptom also with a publically available jar file.

> One idea is DSA/RSA certs are supported by different levels of Java.
> Perhaps the file is marked for an old Java version and Jarsigner
> thinks the cert is not valid for it.

I'm not sure, I'm following you here, but I do have verified that 
all class files in that jar are of same class-file version. They
all start with the same "CA FE BA BE 00 03 00 2D" bytes.

Are there other criteria that could make jarsigner see a particular
class file unfit?  I'd have expected, that jarsigner could deal with
any file regardless its contents, anyway. All it is supposed to do
with each content file is obtain the sha1-checksum. The certificate
will then only be used to sign the Name+Checksum-entries of the
MANIFEST.MF, so the actual contents do not even get in touch with
the signing certificate.

PS: I've now binary patched that one class file (changed some 
  String literal within it), and sent the resulting jar file to
  those who sign it (though I don't expect it back before Monday).
  I hope I'll know more, then.

Thank you for answering!

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-11 13:38 +0000
  Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 08:45 -0800
    Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-11 17:39 +0000
      Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 14:02 -0800
        Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 14:14 -0800
          Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-13 16:44 +0000
            Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-13 20:08 -0800
              Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-14 09:59 +0000
              Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-14 12:30 +0000
                Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-14 15:10 -0800
                Re: really odd problem with jar signing Gene Wirchenko <genew@telus.net> - 2013-01-14 16:16 -0800
                Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-15 09:42 +0000
  Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 10:01 -0800
    Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-11 18:41 +0000
      Re: really odd problem with jar signing Joerg Meier <joergmmeier@arcor.de> - 2013-01-13 10:49 +0100
        Re: really odd problem with jar signing Lars Enderin <lars.enderin@telia.com> - 2013-01-13 11:35 +0100
        Re: really odd problem with jar signing Arne Vajhøj <arne@vajhoej.dk> - 2013-01-13 22:56 -0500
        Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-16 09:12 +0000
          Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-16 20:58 -0800
            Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-17 15:16 +0000
              Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-17 14:36 -0800
                Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-18 15:24 +0000
                Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-18 23:32 -0800
                Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-24 12:46 +0000

csiph-web