jarsigner:此jar包含未验证证书链的条目 [英] jarsigner: This jar contains entries whose certificate chain is not validated
问题描述
我正在尝试编写一个JAR文件的代码并使用JDK 1.7u1。我们获得了GoDaddy代码签名证书,我按照说明(方法1): http://help.godaddy .com / article / 4780
I'm trying to code sign a JAR file and am using JDK 1.7u1. We acquired a GoDaddy Code Signing certificate and I followed the instructions (Approach 1) here: http://help.godaddy.com/article/4780
JAR签名没问题,但每当我尝试运行命令时:
jarsigner使用JDK 1.7u1在我签名的JAR上验证
我得到以下输出:
The JAR signs fine, however whenever I try to run the command:
jarsigner -verify
on my signed JAR using JDK 1.7u1 I get the following output:
s 180 Mon Dec 05 10:24:32 EST 2011 META-INF/MANIFEST.MF
[entry was signed on 12/5/11 10:24 AM]
X.509, CN=Removed Company Name, O=Removed Company Name, L=Removed City, ST=Removed State, C=US
[certificate is valid from 12/2/11 4:30 PM to 12/2/13 4:30 PM]
X.509, SERIALNUMBER=00000000, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
[certificate is valid from 11/15/06 8:54 PM to 11/15/26 8:54 PM]
X.509, OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
[certificate is valid from 6/29/04 1:06 PM to 6/29/34 1:06 PM]
[CertPath not validated: null]
342 Mon Dec 05 10:24:34 EST 2011 META-INF/JAVACSC.SF
6180 Mon Dec 05 10:24:34 EST 2011 META-INF/JAVACSC.RSA
0 Mon Dec 05 10:24:30 EST 2011 META-INF/
sm 2161 Wed Nov 30 10:23:20 EST 2011 C:/Users/Seth/Desktop/JAR/RunAppSF.class
[entry was signed on 12/5/11 10:24 AM]
X.509, CN=Removed Company Name, O=Removed Company Name, L=Removed City, ST=Removed State, C=US
[certificate is valid from 12/2/11 4:30 PM to 12/2/13 4:30 PM]
X.509, SERIALNUMBER=00000000, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
[certificate is valid from 11/15/06 8:54 PM to 11/15/26 8:54 PM]
X.509, OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
[certificate is valid from 6/29/04 1:06 PM to 6/29/34 1:06 PM]
[CertPath not validated: null]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
我还尝试了 jarsigner -verify
命令在JDK 1.6u26和1.6u14上使用与上面相同的JAR,它恢复正常。 (从1.6u26以下输出)。
I also tried the jarsigner -verify
command using the same JAR as above on JDK 1.6u26 and 1.6u14 and it came back as being fine. (Output below from 1.6u26).
180 Mon Dec 05 10:24:32 EST 2011 META-INF/MANIFEST.MF
342 Mon Dec 05 10:24:34 EST 2011 META-INF/JAVACSC.SF
6180 Mon Dec 05 10:24:34 EST 2011 META-INF/JAVACSC.RSA
0 Mon Dec 05 10:24:30 EST 2011 META-INF/
sm 2161 Wed Nov 30 10:23:20 EST 2011 C:/Users/Seth/Desktop/JAR/RunAppSF.class
[entry was signed on 12/5/11 10:24 AM]
X.509, CN=Removed Company Name, O=Removed Company Name, L=Removed City, ST=Removed State, C=US
[certificate is valid from 12/2/11 4:30 PM to 12/2/13 4:30 PM]
X.509, SERIALNUMBER=00000000, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
[certificate is valid from 11/15/06 8:54 PM to 11/15/26 8:54 PM]
[KeyUsage extension does not support code signing]
X.509, OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
[certificate is valid from 6/29/04 1:06 PM to 6/29/34 1:06 PM]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
我是否错过了为JDK 1.7正确签名JAR所需的额外步骤?
Am I missing an extra step I need to take to get the JAR signed properly for JDK 1.7?
推荐答案
你不缺少任何东西,你肯定不一个人这个问题。经过近12个小时的斗争,我发现问题的根源在于将 JDK 1.7
中的二进制文件与旧版本的Java混合使用,例如 JRE-1.6
。更准确地说, keytool
附带 JRE
,而 JDK
随附 keytool
和 jarsigner
。
You are not missing anything and you are definitely not alone with this problem. After a struggle of almost 12 hours, I figured out that the root of the problem lies in mixing binaries from JDK 1.7
with an older version of Java such as JRE-1.6
. To be more precise, keytool
comes with JRE
, while JDK
ships with both keytool
and jarsigner
.
所以为了解决这个问题,我从我的系统中完全卸载了 JDK-1.7
并安装了 JDK-1.6 Update 30
。现在,如果我要做 jarsigner -verify -verbose -certs blah.jar
它会产生 jar验证
而没有任何警告我认为这就是你的期望。
So, to resolve the issue, I have completely uninstalled JDK-1.7
from my system and installed JDK-1.6 Update 30
. Now, if I would do jarsigner -verify -verbose -certs blah.jar
it would produce jar verified
without any warning which I believe is what you expect.
这篇关于jarsigner:此jar包含未验证证书链的条目的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!