Java webstart maven插件jarsigner失败,SHA1签名文件摘要无效
我一直在努力使webstart maven插件使用真正的证书。我确实需要帮助 当我对JNLP jar进行自签名时,一切都很顺利。 为了在启动应用程序时消除Oracle的安全警报,我们购买了一个证书。(顺便说一句,它很贵!) 我配置了keystone并更改了POM以使用新证书对我的应用程序进行签名,现在我得到:Java webstart maven插件jarsigner失败,SHA1签名文件摘要无效,java,maven,jnlp,jarsigner,Java,Maven,Jnlp,Jarsigner,我一直在努力使webstart maven插件使用真正的证书。我确实需要帮助 当我对JNLP jar进行自签名时,一切都很顺利。 为了在启动应用程序时消除Oracle的安全警报,我们购买了一个证书。(顺便说一句,它很贵!) 我配置了keystone并更改了POM以使用新证书对我的应用程序进行签名,现在我得到: [info] jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for OSGI-OPT
[info] jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for OSGI-OPT/src/org/osgi/framework/PackagePermission.java
插件配置为:
<plugin>
<groupId>org.codehaus.mojo.webstart</groupId>
<artifactId>webstart-maven-plugin</artifactId>
<executions>
<execution>
<!-- bind to phase, I prefer to call it manualls -->
<phase>package</phase>
<goals>
<goal>jnlp-inline</goal> <!-- use jnlp, jnlp-inline or jnlp-single as appropriate -->
</goals>
</execution>
</executions>
<configuration>
<excludeTransitive>false</excludeTransitive>
<libPath>lib</libPath>
<outputJarVersions>true</outputJarVersions>
<dependencies>
</dependencies>
<jnlp>
<outputFile>mix.jnlp</outputFile>
<mainClass>${my_main_class}</mainClass>
</jnlp>
<sign>
<keystore>${basedir}/NitryxKeyStore</keystore>
<keypass>${keypass}</keypass>
<storepass>${storepass}</storepass>
<alias>codesigncert</alias>
<verify>true</verify>
<!-- KEYSTORE MANAGEMENT -->
<keystoreConfig>
<delete>false</delete>
<gen>false</gen>
</keystoreConfig>
</sign>
<pack200>true</pack200>
<gzip>true</gzip>
<outputJarVersions>false</outputJarVersions>
<verbose>true</verbose>
</configuration>
</plugin>
我花了几个小时在谷歌上搜索,似乎这与两次签署jar或pack200 bug有关。如果您能提供任何帮助,我将不胜感激
Tks我手动打开有问题的.jar并删除清单解决了这个问题您使用哪个版本的
webstart maven插件
?我手动打开有问题的.jar并删除基于maven的项目的manifestNote解决了这个问题,请仔细查看排序。确保只有在混淆之后才对jar进行签名!
...
[INFO] signing: org/osgi/service/url/URLConstants.class
[INFO] signing: org/osgi/service/url/URLStreamHandlerService.class
[INFO] signing: org/osgi/service/url/URLStreamHandlerSetter.class
[INFO] signing: org/osgi/service/url/packageinfo
[debug] jarsigner executable [/Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/jre/bin/jarsigner]
[debug] Executing: /bin/sh -c "cd /Users/rodrigo/Documents/Nitryx/Technical/Projects/Nitryx-Mix/mix-wstart/target/jnlp && /Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/jre/bin/jarsigner -verify -verbose /Users/rodrigo/Documents/Nitryx/Technical/Projects/Nitryx-Mix/mix-wstart/target/jnlp/lib/org.osgi.core-4.0.0.jar"
[info] jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for OSGI-OPT/src/org/osgi/framework/PackagePermission.java