避免出现安全警报“您要运行此应用程序吗?" JWS应用程序 [英] Avoid security alert "Do you want to run this application?" for a JWS app
问题描述
我们有一个Java应用程序,该应用程序使用RxTx更新我们的游戏机固件.为了避免在用户通过WebStart在我们的网站上启动Java应用程序时出现安全警报,我们购买了受信任的证书并使用该证书进行了签名.所有检查都表明该应用程序已成功签名,并且如果我通过Java(6.0.1_41)在Mac(OS X 10.6.8)上通过Safari启动该应用程序,它将启动且没有任何抱怨.
We have a Java application that uses RxTx to update the firmware of our game console. To avoid security alerts when the users starts the Java application on our website through WebStart we have bought a trusted certificate and signed the application with that. All checks indicate that it is successfully signed and if I launch the application via Safari on my Mac(OS X 10.6.8) with Java 1.6.0_41 it starts without any complains.
但是,如果我在Windows 8计算机上使用IE9启动它,则会收到一条警报,提示您您要运行此应用程序吗?该应用程序将不受限制地运行,这可能会使您的计算机和个人信息处于危险之中.运行此应用程序仅在您信任发布者的情况下.此应用程序的数字签名已过期.更多信息".
But if I launch it using IE9 on a Windows 8 machine I get an alert saying "Do you want to run this application? This application will run with unrestricted access which may put your computer and personal information at risk. Run this application only if you trust the publisher. This application's digital signature has expired. More Information".
如果我单击更多信息",则将获得该应用程序将不受限制地访问您的个人文件和计算机上的其他设施(网络摄像头,麦克风).
If I click the More Information I get "This application will run with unrestricted access to your personal files and other facilities(webcam, microphone) on your computer.
尽管该应用程序具有数字签名,但该应用程序的关联文件(JNLP)没有一个.数字签名可确保文件来自供应商,并且文件没有被更改.
Although the application has a digital signature, the application's associated file(JNLP) does not have one. A digital signature ensures that a file is from the vendor and that it has not been altered.
数字签名是使用受信任的证书生成的." 我试图找到一种解决方案,如何不出现此消息,并认为我需要做的是对JNLP文件签名(即按
The digital signature was generated with a trusted certificate." I have tried to find a solution how to not get this message and think what I need to do is sign the JNLP file(i.e. copy it into the jar as pointed out here) but what I cannot find is how to get NetBeans to do that! I'm using NetBeans 6.9.1. Anyone know how to do this and if it is enough to sign the JNLP?
要验证文件是否正确签名,我执行了以下操作:
To verify that the file was correctly signed I did the following:
jarsigner -verify -certs -verbose OribooDesktopClient.jar
6396 Thu Feb 28 17:14:14 CET 2013 META-INF/MANIFEST.MF
6354 Thu Feb 28 17:14:14 CET 2013 META-INF/MOVINTOF.SF
1843 Thu Feb 28 17:14:14 CET 2013 META-INF/MOVINTOF.RSA
0 Thu Feb 28 17:07:28 CET 2013 META-INF/
0 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/
0 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/resources/
0 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/resources/busyicons/
sm 3912 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/BBDatabase.class
X.509, CN=Movinto fun AB, O=Movinto fun AB, STREET=?rev?gen 138, L=?re, ST=J?mtland, OID.2.5.4.17=83013, C=SE
[certificate is valid from 2/28/13 1:00 AM to 3/1/14 12:59 AM]
sm 2497 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/Binary.class
X.509, CN=Movinto fun AB, O=Movinto fun AB, STREET=?rev?gen 138, L=?re, ST=J?mtland, OID.2.5.4.17=83013, C=SE
[certificate is valid from 2/28/13 1:00 AM to 3/1/14 12:59 AM]
....
推荐答案
重要的部分是:
此应用程序的数字签名已过期.
This application's digital signature has expired.
有关详细信息,请参见"Java安全性"对话框的外观,但是您应该期望这样的事情:
See Appearance of Java Security dialog for details, but you should be expecting something like:
要删除过期"消息,答案是续签证书并再次对罐子签名.该对话框仍会显示相应的字词:
To remove the 'expired' message, the answer is to renew the certificate and sign the jars again. The dialog will still display words to the effect:
此应用程序将以不受限制的访问权限运行,这可能会使您的计算机 和个人信息受到威胁.仅当您信任该应用程序时才运行此应用程序 发布者.
This application will run with unrestricted access which may put your computer and personal information at risk. Run this application only if you trust the publisher.
但是区别是:
- 始终信任"将默认为true.
- 带有感叹号的黄色钻石将更改为更友好的名称.
- 数字签名已过期"消息以及左下方的黄色盾牌图像将消失.
这篇关于避免出现安全警报“您要运行此应用程序吗?" JWS应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
