jarsigner and webstart

[Rolf Gabler-Mieck]

Hi all
I try to start my Japplet with webstart.
[the first time I try this...]
so at first I create the jar,
then I create a key with keytool

keytool -genkey -alias key_name

then I use jarsigner to sign the jar,
if I check using the verbose option I
got that note:

Note: This jar contains unsigned entries which are not
integrity-checked. Re-run with -verbose to list unsigned entries.

all files were set with smk*
but not the directories... is this meant?

Problem is that when I start the jnlp-file I'll
get an download error which tell me that parts
of the jar are not signed....

has anybody of you hints or Ideas how to solve this?

best regards
rolf


* s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore

 

[Roedy Green]

Note: This jar contains unsigned entries which are not
integrity-checked. Re-run with -verbose to list unsigned entries.

A jar build and sign should look something like this:
Please excuse the wrap. Newsgroups need some work to distribute code
listings. The key is to prepare the complete jar, then sign. Don't add
anything later.


@echo off
@echo °±²Û compile.bat: compile wassup with JavaC, create jar, sign
jar. Û²±°

if "%COMPUTERNAME%" == "ROEDY" goto OK
@echo °±²Û Error: compile.bat for wassup should be customised before
use on your machine. Û²±°
pause
exit
:OK

rem compile all *.java to *.class files.
C:
CD c:\com\mindprod\wassup
javac -source 1.4 -target 1.4 *.java
if errorlevel 1 pause °±²Û Wassup compile errors Û²±°

rem build com\mindprod\wassup\wassup.jar
CD \
if exist com\mindprod\wassup\wassup.jar del
com\mindprod\wassup\wassup.jar
rem jar {ctxu}[vfm0M] [jar-file] [manifest-file] [-C dir] files ...
rem -c create new archive
rem -t list table of contents for archive
rem -x extract named (or all) files from archive
rem -u update existing archive
rem -v generate verbose output on standard output
rem -f specify archive file name
rem -m include manifest information from specified manifest file
rem -0 store only; use no ZIP compression
rem -M do not create a manifest file for the entries
rem -i generate index information for the specified jar files
rem -C change to the specified directory and include the following
file
rem If any file is a directory then it is processed recursively.
rem The manifest file name and the archive file name needs to be
specified
rem in the same order the 'f' and 'm' flags are specified.
jar.exe -cvfm com\mindprod\wassup\wassup.jar
com\mindprod\wassup\main.mft com\mindprod\wassup\*.class
@com\mindprod\wassup\forjar.list
if errorlevel 1 pause °±²Û wassup.jar jar building errors Û²±°

rem sign the com\mindprod\wassup\wassup.jar jar
CD c:\com\mindprod\wassup
jarsigner -storepass %jarsignerpassword wassup.jar mindprodcert
if errorlevel 1 pause °±²Û wassup.jar jar signing errors Û²±°
C:
CD c:\com\mindprod\wassup

rem copy jar to website for testing
copy wassup.jar e:\mindprod\applets

rem Update the 4NT file descriptions in descript.ion and README.TXT
CD c:\com\mindprod\wassup
call desc.btm
rem -30-

--
Bush crime family lost/embezzled $3 trillion from Pentagon.
Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

Canadian Mind Products, Roedy Green.
See http://mindprod.com/iraq.html photos of Bush's war crimes

 

[Rolf Gabler-Mieck]

hmmm,
thanks for that batch,
my way was/is
jarsigner -keystore mycertificate -storepass mypwd myarchive.jar mykeyname
whih produces that kind of jar I got trouble with.

you did

jarsigner -storepass %jarsignerpassword wassup.jar mindprodcert

when I do this
using
jarsigner -storepass mypwd myarchive.jar mykeyname

I'll get an error by jarsigner, which told me that
Certificate chain not found for mykeyname
mykeyname must reference a valid KeyStore key entry containing a private
key and corresponding public key certificate chain.

now I am irritated... whats that??
keytool -list keystore mycertificate storepass mypwd

show me the key....

total confusing is the result now...
....further help is welcome!
regrads
rolf

 

[Roedy Green]

jarsigner -keystore mycertificate -storepass mypwd myarchive.jar mykeyname
whih produces that kind of jar I got trouble with.

you did

jarsigner -storepass %jarsignerpassword wassup.jar mindpro

I think your confusion is between the keystore container and the
certificate in the container.

The certificate in one of many in the keystore.
the keystore is named something like .keystore. the certificate is
named something like mindprodcert


--
Bush crime family lost/embezzled $3 trillion from Pentagon.
Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

Canadian Mind Products, Roedy Green.
See http://mindprod.com/iraq.html photos of Bush's war crimes

 

[Rolf Gabler-Mieck]

I think your confusion is between the keystore container and the
certificate in the container.

The certificate in one of many in the keystore.
the keystore is named something like .keystore. the certificate is
named something like mindprodcert

Hi
Ah yep could be true and also I am one step closer to my goal...
now webstart tell me that my archive is signed twice...
but I wonder that there is no tutorial that covers different
examples in how to setup all this.

my goal is to bring a j3d-applet, using loads of data, loadable from the
jar, also it is using a jar which normally has to be in the ext folder.
the user should be able to save some images...

I am sure that I am not the first person who tried this...

but the how to do is really complicated due some very cryptic
explanations/specifications mostly covereing just one of all these topics.

may if you got a hint.
e.g your site for the manifest file is very interesting & good, after
reading I was able to detect that ther's no way in the manifest to
tell the jar where the data is and so far
was a tiny part of the puzzle.

may you gt hints for sites which cover the described case more special
best regards
rolf

 

[Andrew Thompson]

my goal is to bring a j3d-applet, using loads of data, loadable from the
jar, also it is using a jar which normally has to be in the ext folder.
the user should be able to save some images...

I am sure that I am not the first person who tried this...

Surely not, ..but you might be the first person to achieve success. ;-)

 

[Roedy Green]

Ah yep could be true and also I am one step closer to my goal...
now webstart tell me that my archive is signed twice...
but I wonder that there is no tutorial that covers different
examples in how to setup all this.

see http://mindprod.com/jgloss/signedapplets.html and follow the
links.

I give you recipes.

--
Bush crime family lost/embezzled $3 trillion from Pentagon.
Complicit Bush-friendly media keeps mum. Rumsfeld confesses on video.
http://www.infowars.com/articles/us/mckinney_grills_rumsfeld.htm

Canadian Mind Products, Roedy Green.
See http://mindprod.com/iraq.html photos of Bush's war crimes

 

[Rolf Gabler-Mieck]

Surely not, ..but you might be the first person to achieve success. ;-)

hmmm...sounds not so nice...may if I'll some day get success I'll
describe it on a website....but mabe thats what Roedy did,
so I'll try his recepts in setting up a jar for webstart...
regards
rolf

 

[Rolf Gabler-Mieck]

see http://mindprod.com/jgloss/signedapplets.html and follow the
links.

I give you recipes.

OK, I'll try this, the last I read from your site was very nice to read
and understandable, also some more informations then anywhere else I
searched.
best thanks for the link and also for your work
I'll hope the next posting will be something like...it is done
will c
regards
Rolf