Java webstart maven插件jarsigner失败，SHA1签名文件摘要无效_Java_Maven_Jnlp_Jarsigner

Java webstart maven插件jarsigner失败，SHA1签名文件摘要无效

java maven

Java webstart maven插件jarsigner失败，SHA1签名文件摘要无效,java,maven,jnlp,jarsigner,Java,Maven,Jnlp,Jarsigner,我一直在努力使webstart maven插件使用真正的证书。我确实需要帮助当我对JNLP jar进行自签名时，一切都很顺利。为了在启动应用程序时消除Oracle的安全警报，我们购买了一个证书。（顺便说一句，它很贵！）我配置了keystone并更改了POM以使用新证书对我的应用程序进行签名，现在我得到： [info] jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for OSGI-OPT

我一直在努力使webstart maven插件使用真正的证书。我确实需要帮助

当我对JNLP jar进行自签名时，一切都很顺利。为了在启动应用程序时消除Oracle的安全警报，我们购买了一个证书。（顺便说一句，它很贵！）

我配置了keystone并更改了POM以使用新证书对我的应用程序进行签名，现在我得到：

[info] jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for OSGI-OPT/src/org/osgi/framework/PackagePermission.java

插件配置为：

        <plugin>
            <groupId>org.codehaus.mojo.webstart</groupId>
            <artifactId>webstart-maven-plugin</artifactId>
            <executions>
                <execution>
                    <!-- bind to phase, I prefer to call it manualls -->
                    <phase>package</phase>
                    <goals>
                        <goal>jnlp-inline</goal> <!-- use jnlp, jnlp-inline or jnlp-single as appropriate -->
                    </goals>
                </execution>
            </executions>
            <configuration>
                <excludeTransitive>false</excludeTransitive>
                <libPath>lib</libPath>
                <outputJarVersions>true</outputJarVersions>
                <dependencies>
                </dependencies>

                <jnlp>
                    <outputFile>mix.jnlp</outputFile> 
                    <mainClass>${my_main_class}</mainClass>
                </jnlp>

                <sign>
                    <keystore>${basedir}/NitryxKeyStore</keystore>
                    <keypass>${keypass}</keypass> 
                    <storepass>${storepass}</storepass>
                    <alias>codesigncert</alias>

                    <verify>true</verify> 

                    <!-- KEYSTORE MANAGEMENT -->
                    <keystoreConfig>
                        <delete>false</delete>
                        <gen>false</gen>
                    </keystoreConfig>
                </sign>

                <pack200>true</pack200>
                <gzip>true</gzip> 

                <outputJarVersions>false</outputJarVersions>

                <verbose>true</verbose>
            </configuration>
        </plugin>

我花了几个小时在谷歌上搜索，似乎这与两次签署jar或pack200 bug有关。如果您能提供任何帮助，我将不胜感激

Tks

我手动打开有问题的.jar并删除清单解决了这个问题

您使用哪个版本的

webstart maven插件

？我手动打开有问题的.jar并删除基于maven的项目的manifestNote解决了这个问题，请仔细查看排序。确保只有在混淆之后才对jar进行签名！

...
[INFO]   signing: org/osgi/service/url/URLConstants.class
[INFO]   signing: org/osgi/service/url/URLStreamHandlerService.class
[INFO]   signing: org/osgi/service/url/URLStreamHandlerSetter.class
[INFO]   signing: org/osgi/service/url/packageinfo
[debug] jarsigner executable [/Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/jre/bin/jarsigner]
[debug] Executing: /bin/sh -c "cd /Users/rodrigo/Documents/Nitryx/Technical/Projects/Nitryx-Mix/mix-wstart/target/jnlp && /Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/jre/bin/jarsigner -verify -verbose /Users/rodrigo/Documents/Nitryx/Technical/Projects/Nitryx-Mix/mix-wstart/target/jnlp/lib/org.osgi.core-4.0.0.jar"
[info] jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for OSGI-OPT/src/org/osgi/framework/PackagePermission.java