Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4928787

Java Web Start should not reject multiply signed jars.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P2
    • Resolution: Fixed
    • Affects Version/s: 1.2.0, 1.4.2_03
    • Fix Version/s: 5.0
    • Component/s: deploy
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      tiger
    • CPU:
      x86
    • OS:
      windows_nt, windows_xp

      Description

      Java Web Start has always rejected jars that are multiply signed. It was always proported that the JNLP Spec required this.
      The spec is actually vague on this point, saying only:

      "All the JAR files are signed (both for jar elements and nativelib elements) and can be verified. A JAR file is signed if the signature coveres the entire JAR file. A single certificate must be used to sign each JAR file."
      (with footnote excluding the manifest and the certificate itself)

      Actually it is perfectly valid to sign a JAR file twice, and it is commonly allowed to have unsigned entries, if they are empty directorys.

      We propose changing that wording (the first bullet in sectiuon 5.4) to:

      "All the JAR files are signed (both for jar elements and nativelib elements) and can be verified. A JAR file is signed if all the entries (excluding manifest entries, the signature itself, and empty directories) are signed by a single signature)

      I believe this was the original intent of the spec, not to prevent entries from being multiply signed, but to ensure that one signature covered all the entries.
       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              herrick Andy Herrick (Inactive)
              Reporter:
              herrick Andy Herrick (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: