jarsigner and webstart

Discussion in 'Java' started by Rolf Gabler-Mieck, Jun 28, 2005.

  1. Hi all
    I try to start my Japplet with webstart.
    [the first time I try this...]
    so at first I create the jar,
    then I create a key with keytool

    keytool -genkey -alias key_name

    then I use jarsigner to sign the jar,
    if I check using the verbose option I
    got that note:

    Note: This jar contains unsigned entries which are not
    integrity-checked. Re-run with -verbose to list unsigned entries.

    all files were set with smk*
    but not the directories... is this meant?

    Problem is that when I start the jnlp-file I'll
    get an download error which tell me that parts
    of the jar are not signed....

    has anybody of you hints or Ideas how to solve this?

    best regards
    rolf


    * s = signature was verified
    m = entry is listed in manifest
    k = at least one certificate was found in keystore
     
    Rolf Gabler-Mieck, Jun 28, 2005
    #1
    1. Advertising

  2. Rolf Gabler-Mieck

    Roedy Green Guest

    On Tue, 28 Jun 2005 16:42:48 +0200, Rolf Gabler-Mieck
    <-kiel.de> wrote or quoted :

    >Note: This jar contains unsigned entries which are not
    >integrity-checked. Re-run with -verbose to list unsigned entries.


    A jar build and sign should look something like this:
    Please excuse the wrap. Newsgroups need some work to distribute code
    listings. The key is to prepare the complete jar, then sign. Don't add
    anything later.


    @echo off
    @echo °±²Û compile.bat: compile wassup with JavaC, create jar, sign
    jar. Û²±°

    if "%COMPUTERNAME%" == "ROEDY" goto OK
    @echo °±²Û Error: compile.bat for wassup should be customised before
    use on your machine. Û²±°
    pause
    exit
    :OK

    rem compile all *.java to *.class files.
    C:
    CD c:\com\mindprod\wassup
    javac -source 1.4 -target 1.4 *.java
    if errorlevel 1 pause °±²Û Wassup compile errors Û²±°

    rem build com\mindprod\wassup\wassup.jar
    CD \
    if exist com\mindprod\wassup\wassup.jar del
    com\mindprod\wassup\wassup.jar
    rem jar {ctxu}[vfm0M] [jar-file] [manifest-file] [-C dir] files ...
    rem -c create new archive
    rem -t list table of contents for archive
    rem -x extract named (or all) files from archive
    rem -u update existing archive
    rem -v generate verbose output on standard output
    rem -f specify archive file name
    rem -m include manifest information from specified manifest file
    rem -0 store only; use no ZIP compression
    rem -M do not create a manifest file for the entries
    rem -i generate index information for the specified jar files
    rem -C change to the specified directory and include the following
    file
    rem If any file is a directory then it is processed recursively.
    rem The manifest file name and the archive file name needs to be
    specified
    rem in the same order the 'f' and 'm' flags are specified.
    jar.exe -cvfm com\mindprod\wassup\wassup.jar
    com\mindprod\wassup\main.mft com\mindprod\wassup\*.class
    @com\mindprod\wassup\forjar.list
    if errorlevel 1 pause °±²Û wassup.jar jar building errors Û²±°

    rem sign the com\mindprod\wassup\wassup.jar jar
    CD c:\com\mindprod\wassup
    jarsigner -storepass %jarsignerpassword wassup.jar mindprodcert
    if errorlevel 1 pause °±²Û wassup.jar jar signing errors Û²±°
    C:
    CD c:\com\mindprod\wassup

    rem copy jar to website for testing
    copy wassup.jar e:\mindprod\applets

    rem Update the 4NT file descriptions in descript.ion and README.TXT
    CD c:\com\mindprod\wassup
    call desc.btm
    rem -30-

    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 28, 2005
    #2
    1. Advertising

  3. hmmm,
    thanks for that batch,
    my way was/is
    jarsigner -keystore mycertificate -storepass mypwd myarchive.jar mykeyname
    whih produces that kind of jar I got trouble with.

    you did

    jarsigner -storepass %jarsignerpassword wassup.jar mindprodcert

    when I do this
    using
    jarsigner -storepass mypwd myarchive.jar mykeyname

    I'll get an error by jarsigner, which told me that
    Certificate chain not found for mykeyname
    mykeyname must reference a valid KeyStore key entry containing a private
    key and corresponding public key certificate chain.

    now I am irritated... whats that??
    keytool -list keystore mycertificate storepass mypwd

    show me the key....

    total confusing is the result now...
    ....further help is welcome!
    regrads
    rolf
     
    Rolf Gabler-Mieck, Jun 28, 2005
    #3
  4. Rolf Gabler-Mieck

    Roedy Green Guest

    On Tue, 28 Jun 2005 17:41:27 +0200, Rolf Gabler-Mieck
    <-kiel.de> wrote or quoted :

    >jarsigner -keystore mycertificate -storepass mypwd myarchive.jar mykeyname
    >whih produces that kind of jar I got trouble with.
    >
    >you did
    >
    >jarsigner -storepass %jarsignerpassword wassup.jar mindpro


    I think your confusion is between the keystore container and the
    certificate in the container.

    The certificate in one of many in the keystore.
    the keystore is named something like .keystore. the certificate is
    named something like mindprodcert


    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 29, 2005
    #4

  5. >>jarsigner -keystore mycertificate -storepass mypwd myarchive.jar mykeyname
    >>whih produces that kind of jar I got trouble with.
    >>
    >>you did
    >>
    >>jarsigner -storepass %jarsignerpassword wassup.jar mindpro

    >
    >
    > I think your confusion is between the keystore container and the
    > certificate in the container.
    >
    > The certificate in one of many in the keystore.
    > the keystore is named something like .keystore. the certificate is
    > named something like mindprodcert
    >
    >

    Hi
    Ah yep could be true and also I am one step closer to my goal...
    now webstart tell me that my archive is signed twice...
    but I wonder that there is no tutorial that covers different
    examples in how to setup all this.

    my goal is to bring a j3d-applet, using loads of data, loadable from the
    jar, also it is using a jar which normally has to be in the ext folder.
    the user should be able to save some images...

    I am sure that I am not the first person who tried this...

    but the how to do is really complicated due some very cryptic
    explanations/specifications mostly covereing just one of all these topics.

    may if you got a hint.
    e.g your site for the manifest file is very interesting & good, after
    reading I was able to detect that ther's no way in the manifest to
    tell the jar where the data is and so far
    was a tiny part of the puzzle.

    may you gt hints for sites which cover the described case more special
    best regards
    rolf
     
    Rolf Gabler-Mieck, Jun 29, 2005
    #5
  6. On Wed, 29 Jun 2005 12:09:26 +0200, Rolf Gabler-Mieck wrote:

    > my goal is to bring a j3d-applet, using loads of data, loadable from the
    > jar, also it is using a jar which normally has to be in the ext folder.
    > the user should be able to save some images...
    >
    > I am sure that I am not the first person who tried this...


    Surely not, ..but you might be the first person to achieve success. ;-)

    --
    Andrew Thompson
    http://www.PhySci.org/codes/ Web & IT Help
    http://www.PhySci.org/ Open-source software suite
    http://www.1point1C.org/ Science & Technology
    http://www.LensEscapes.com/ Images that escape the mundane
     
    Andrew Thompson, Jun 29, 2005
    #6
  7. Rolf Gabler-Mieck

    Roedy Green Guest

    On Wed, 29 Jun 2005 12:09:26 +0200, Rolf Gabler-Mieck
    <-kiel.de> wrote or quoted :

    >Ah yep could be true and also I am one step closer to my goal...
    >now webstart tell me that my archive is signed twice...
    >but I wonder that there is no tutorial that covers different
    >examples in how to setup all this.


    see http://mindprod.com/jgloss/signedapplets.html and follow the
    links.

    I give you recipes.

    --
    Bush crime family lost/embezzled $3 trillion from Pentagon.
    Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
    http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

    Canadian Mind Products, Roedy Green.
    See http://mindprod.com/iraq.html photos of Bush's war crimes
     
    Roedy Green, Jun 29, 2005
    #7
  8. Andrew Thompson wrote:
    > On Wed, 29 Jun 2005 12:09:26 +0200, Rolf Gabler-Mieck wrote:
    >
    >
    >>my goal is to bring a j3d-applet, using loads of data, loadable from the
    >>jar, also it is using a jar which normally has to be in the ext folder.
    >>the user should be able to save some images...
    >>
    >>I am sure that I am not the first person who tried this...

    >
    >
    > Surely not, ..but you might be the first person to achieve success. ;-)
    >

    hmmm...sounds not so nice...may if I'll some day get success I'll
    describe it on a website....but mabe thats what Roedy did,
    so I'll try his recepts in setting up a jar for webstart...
    regards
    rolf
     
    Rolf Gabler-Mieck, Jun 29, 2005
    #8
  9. Roedy Green wrote:

    > On Wed, 29 Jun 2005 12:09:26 +0200, Rolf Gabler-Mieck
    > <-kiel.de> wrote or quoted :
    >
    >
    >>Ah yep could be true and also I am one step closer to my goal...
    >>now webstart tell me that my archive is signed twice...
    >>but I wonder that there is no tutorial that covers different
    >>examples in how to setup all this.

    >
    >
    > see http://mindprod.com/jgloss/signedapplets.html and follow the
    > links.
    >
    > I give you recipes.


    OK, I'll try this, the last I read from your site was very nice to read
    and understandable, also some more informations then anywhere else I
    searched.
    best thanks for the link and also for your work
    I'll hope the next posting will be something like...it is done :)
    will c
    regards
    Rolf
    >
     
    Rolf Gabler-Mieck, Jun 29, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jay Canale

    Jarsigner and Timestamp

    Jay Canale, Mar 2, 2005, in forum: Java
    Replies:
    3
    Views:
    2,638
    Jay Canale
    Mar 4, 2005
  2. ted holden

    jarsigner?

    ted holden, May 14, 2005, in forum: Java
    Replies:
    2
    Views:
    1,044
    Ross Bamford
    May 14, 2005
  3. Mark Riordan
    Replies:
    5
    Views:
    19,364
    timestamp
    Nov 10, 2011
  4. Ed_Zep

    Jarsigner newbie question

    Ed_Zep, Jan 20, 2007, in forum: Java
    Replies:
    1
    Views:
    419
    Andrew Thompson
    Jan 20, 2007
  5. Satish
    Replies:
    1
    Views:
    628
    Roedy Green
    Oct 11, 2007
Loading...

Share This Page