尝试运行 jar 文件时，Manifest 主要属性异常的无效签名文件摘要 [英] Invalid signature file digest for Manifest main attributes exception while trying to run jar file

问题描述

我正在尝试运行我的项目的 jar 文件.我正在研究 intelliJ 并使用工件来生成 jar 文件.但每次我试图运行我的 jar 文件时，它都会给我一个例外.

I am trying to run the jar file of my project. I am working on intelliJ and have use artifacts to generate the jar file. But everytime i am trying to run my jar file its giving me exception.

java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
    at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:284)
    at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:238)
    at java.util.jar.JarVerifier.processEntry(JarVerifier.java:316)
    at java.util.jar.JarVerifier.update(JarVerifier.java:228)
    at java.util.jar.JarFile.initializeVerifier(JarFile.java:383)
    at java.util.jar.JarFile.getInputStream(JarFile.java:450)
    at sun.misc.JarIndex.getJarIndex(JarIndex.java:137)
    at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:839)
    at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:831)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:830)
    at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:803)
    at sun.misc.URLClassPath$3.run(URLClassPath.java:530)
    at sun.misc.URLClassPath$3.run(URLClassPath.java:520)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.misc.URLClassPath.getLoader(URLClassPath.java:519)
    at sun.misc.URLClassPath.getLoader(URLClassPath.java:492)
    at sun.misc.URLClassPath.getNextLoader(URLClassPath.java:457)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:211)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:365)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" 

这是我的清单文件:

Manifest-Version: 1.0
Main-Class: Main

然后将外部库添加到我的项目中

Then the external libraries added to my project

我做错了什么??

推荐答案

你的一些依赖 JAR 是一个签名的 JAR，所以当你将所有的 JAR 合并到一个 JAR 中并运行该 JAR 时，签名的 JAR 的签名不匹配up，因此您会收到有关签名不匹配的安全异常.

Some of your dependency JARs is a signed JAR, so when you combine then all in one JAR and run that JAR then signature of the signed JAR doesn't match up and hence you get the security exception about signature mis-match.

要解决此问题，您需要首先确定哪些所有依赖 JAR 是签名的 JAR，然后排除它们.根据您使用的是 MAVEN 还是 ANT，您必须采取适当的解决方案.以下是但您可以在此处、这里 和此处.

To fix this you need to first identify which all dependency JARs are signed JARs and then exclude them. Depending upon whether you are using MAVEN or ANT, you have to take appropriate solution. Below are but you can read more here, here and here.

马文:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-dependency-plugin</artifactId>
    <version>2.6</version>
    <executions>
        <execution>
            <id>unpack-dependencies</id>
            <phase>package</phase>
            <goals>
                <goal>unpack-dependencies</goal>
            </goals>
            <configuration>
                <excludeScope>system</excludeScope>
                <excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
                <excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds>
                <outputDirectory>${project.build.directory}/classes</outputDirectory>
            </configuration>
        </execution>
    </executions>
</plugin>

蚂蚁:

<jar destfile="app.jar" basedir="${classes.dir}">
    <zipfileset excludes="META-INF/**/*" src="${lib.dir}/bcprov-jdk16-145.jar"></zipfileset>
    <manifest>
        <attribute name="Main-Class" value="app.Main"/>
    </manifest>
</jar>

<小时>

根据 OP 的评论更新:

sqljdbc4.jar"是 OP 外部库中的签名 JAR.因此，按照上述方法系统地排除与签名相关的文件，如 .SF、.RSA 或 .DES 或其他算法文件是前进的正确方法.

"sqljdbc4.jar" was the signed JAR in OP's external libraries. So, following above approach to systematically exclude the signature related files like .SF, .RSA or .DES or other algorithms files is the right way to move forward.

如果不排除这些签名文件，则会因为签名不匹配而发生安全异常.

If these signature files are not excluded then security exception will occur because of signature mismatch.

如何知道 JAR 是否已签名?:如果 JAR 包含诸如 .SF、.RSA 或 .DES 之类的文件或其他算法文件，则它是已签名的 JAR.或者运行 jarsigner -verify jarname.jar 看看它是否输出已验证"

How to know if a JAR is signed or not?: If a JAR contains files like files like .SF, .RSA or .DES or other algorithms files, then it is a signed JAR. Or run jarsigner -verify jarname.jar and see if it outputs "verified"

这篇关于尝试运行 jar 文件时，Manifest 主要属性异常的无效签名文件摘要的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！