java - Multiple security dialogs when executing a single Java application via Web Start

Tags: java security digital-signature

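My company has a Java application that we recently started signing with a GoDaddy certificate. The application is deployed via Web Start. I have tested it on JDK 7u45. As expected, I get a security dialog asking me to install the certificate for the publisher (my company). That is fine, but then two more security dialogs appear, warning me that I am executing an application from an unknown publisher. So this is really a two-part question:

  1. Why are there multiple dialogs for the same application?
  2. Why do two of them report the publisher as unknown?

I'm not sure what additional information would be useful for diagnosing this, but I can provide more if it helps.

Edit: I'm using Maven to build the application, which automates the code signing. Something may be going wrong in Maven's default signing process, but I'm not sure what.

Update: After running Jcs's command and checking the Maven log, as far as I can tell everything appears to be signed and listed in the manifest. Every file reports smk except the manifest (which is obviously sk).

Update: I did find this in the Maven log for some of the dependencies: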

[debug] Executing: /bin/sh -c "cd /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp && /var/lib/jenkins/tools/hudson.model.JDK/jdk7u25/jre/../bin/jarsigner -verify /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/unprocessed_equinox-common-3.6.0.jar"
[info] jar verified.
[info] 
[info] Warning: 
[info] This jar contains entries whose signer certificate has expired. 
[info] This jar contains entries whose certificate chain is not validated.
[info] 
[info] Re-run with the -verbose and -certs options for more details.
[INFO] remove signature from : /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/unprocessed_equinox-common-3.6.0.jar
[info] remove file :/var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/temp_extracted_jars/unprocessed_equinox-common-3.6.0.jar/META-INF/ECLIPSEF.SF
[info] remove file :/var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/temp_extracted_jars/unprocessed_equinox-common-3.6.0.jar/META-INF/ECLIPSEF.RSA
[INFO] Building jar: /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/unprocessed_equinox-common-3.6.0.jar

I don't know what "unprocessed" means, but the same jar, "equinox-common", without "unprocessed" in its name, shows up later in the build correctly signed:

../bin/jarsigner -verify -verbose /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/equinox-common-3.6.0.jar"
[info] 
[info] s       7814 Tue Dec 10 10:42:46 CST 2013 META-INF/MANIFEST.MF
[info]         7940 Tue Dec 10 10:42:46 CST 2013 META-INF/JAG_CERT.SF
[info]         4247 Tue Dec 10 10:42:46 CST 2013 META-INF/JAG_CERT.RSA
[info]            0 Tue Dec 10 10:40:28 CST 2013 META-INF/
[info] sm        76 Thu Jun 24 08:53:50 CDT 2010 META-INF/eclipse.inf
[info] sm      1746 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/SubMonitor$RootInfo.class
[info] sm       301 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IProgressMonitorWithBlocking.class
[info] sm      6213 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/PluginVersionIdentifier.class
[info] sm      1582 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/CoreException.class
[info] sm      3918 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/Status.class
[info] sm       187 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IAdaptable.class
[info] sm      1194 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/NullProgressMonitor.class
[info] sm      2110 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ProgressMonitorWrapper.class
[info] sm       384 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IBundleGroup.class
[info] sm      2499 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/SafeRunner.class
[info] sm      1560 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/QualifiedName.class
[info] sm      4912 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/SubMonitor.class
[info] sm      2646 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/MultiStatus.class
[info] sm       253 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ISafeRunnable.class
[info] sm       237 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ILogListener.class
[info] sm      1896 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ListenerList.class
[info] sm       575 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IStatus.class
[info] sm       722 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/PlatformObject.class
[info] sm       258 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IBundleGroupProvider.class
[info] sm       572 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/OperationCanceledException.class
[info] sm       860 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IAdapterManager.class
[info] sm      2725 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/FileLocator.class
[info] sm       263 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IAdapterFactory.class
[info] sm      6756 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/URIUtil.class
[info] sm       431 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IProgressMonitor.class
[info] sm       484 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/AssertionFailedException.class
[info] sm      1508 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IPath.class
[info] sm      1350 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/Assert.class
[info] sm      2431 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/SubProgressMonitor.class
[info] sm     14651 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/Path.class
[info] sm      3255 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/boot/PlatformURLHandler.class
[info] sm      2092 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/boot/PlatformURLBaseConnection.class
[info] sm     11789 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/boot/PlatformURLConnection.class
[info] sm      1293 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLConverter.class
[info] sm      7591 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/FindSupport.class
[info] sm      3034 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/internal/runtime/commonMessages.properties
[info] sm      2951 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLFragmentConnection.class
[info] sm      2705 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/DevClassPathHelper.class
[info] sm       675 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/MetaDataKeeper.class
[info] sm      1717 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PrintStackUtil.class
[info] sm      1423 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/LocalizationUtils.class
[info] sm      5419 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ResourceTranslator.class
[info] sm      9033 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/AdapterManager.class
[info] sm      1951 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/CommonMessages.class
[info] sm      1218 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$StrongReference.class
[info] sm       390 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/IRuntimeConstants.class
[info] sm      3672 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLMetaConnection.class
[info] sm      5094 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet.class
[info] sm      2741 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/RuntimeLog.class
[info] sm     10406 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/Activator.class
[info] sm      1895 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$HashableSoftReference.class
[info] sm       240 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/IAdapterManagerProvider.class
[info] sm      1785 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$HashableWeakReference.class
[info] sm      4032 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLPluginConnection.class
[info] sm       271 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/IAdapterFactoryExt.class
[info] sm      6107 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/DataArea.class
[info] sm      3649 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLConfigConnection.class
[info] sm       330 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$HashedReference.class
[info] sm       780 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/equinox/events/MemoryEventConstants.class
[info] sm       604 Wed May 20 16:19:18 CDT 2009 plugin.properties
[info] sm       641 Thu Jun 24 08:39:44 CDT 2010 .api_description
[info] sm      1432 Sat Jun 03 09:14:58 CDT 2006 about.html
[info]            0 Thu Jun 24 08:34:46 CDT 2010 org/
[info]            0 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/
[info]            0 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/
[info]            0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/runtime/
[info]            0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/internal/
[info]            0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/internal/boot/
[info]            0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/internal/runtime/
[info]            0 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/equinox/
[info]            0 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/equinox/events/
[info] 
[info]   s = signature was verified 
[info]   m = entry is listed in manifest
[info]   k = at least one certificate was found in keystore
[info]   i = at least one certificate was found in identity scope
[info] 
[info] jar verified.

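Best answer

The answer was simpler than I thought. We deploy the application via Web Start (jnlp). The main jnlp references other jnlps, which include external libraries that are not managed by our build system and therefore were not signed with a verified certificate. I was not aware of these dependencies because I was not the one who originally created the application. There are two dependencies, each causing a separate security dialog.

Summary: the problem was caused by external dependencies signed with unverified certificates; these dependencies are not managed by the Maven build process but are referenced through their own jnlps.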
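A way to find such dependencies before users see the extra dialogs, as an added example that is not part of the original question or answer: the script follows every `<extension>` reference from the main JNLP and lists jars whose `META-INF` signature block files are not named after the expected signer alone. It assumes the deployed tree is mirrored locally with relative `href`s, takes the `JAG_CERT` name from the log above (jar and JNLP names are constructed), and compares signature file names only, so certificate chains still need `jarsigner -verify -verbose -certs`.

```python
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from pathlib import Path

SIG_BLOCK_EXT = {".RSA", ".DSA", ".EC"}  # signature block files written by jarsigner

def signer_names(jar_path):
    """Base names of the signature block files in META-INF, e.g. {'JAG_CERT'}."""
    with zipfile.ZipFile(jar_path) as jar:
        entries = [Path(n) for n in jar.namelist()]
    return {p.stem.upper() for p in entries
            if p.parent.as_posix().upper() == "META-INF" and p.suffix.upper() in SIG_BLOCK_EXT}

def audit_jnlp(jnlp_path, expected, seen=None):
    """Follow <extension> references; list jars not signed under `expected` alone."""
    seen = set() if seen is None else seen
    jnlp_path = Path(jnlp_path).resolve()
    if jnlp_path in seen:  # guard against JNLPs that reference each other
        return []
    seen.add(jnlp_path)
    findings = []
    for res in ET.parse(jnlp_path).getroot().iter("resources"):
        for el in res:
            href = el.get("href")
            if not href:
                continue
            target = jnlp_path.parent / href  # assumption: relative href, local mirror
            if el.tag in ("jar", "nativelib"):
                signers = signer_names(target)
                if signers != {expected.upper()}:
                    findings.append((jnlp_path.name, href, sorted(signers)))
            elif el.tag == "extension":
                findings += audit_jnlp(target, expected, seen)
    return findings

def build_sample(root):
    """Constructed sample tree: main.jnlp -> ext.jnlp with two foreign jars."""
    root = Path(root)
    for jar, sig in (("app.jar", "JAG_CERT"), ("vendor.jar", "VENDOR"), ("plain.jar", None)):
        with zipfile.ZipFile(root / jar, "w") as z:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            for ext in (".SF", ".RSA") if sig else ():
                z.writestr(f"META-INF/{sig}{ext}", "")  # empty placeholder files
    (root / "ext.jnlp").write_text('<jnlp><resources><jar href="vendor.jar"/>'
                                   '<jar href="plain.jar"/></resources><component-desc/></jnlp>')
    (root / "main.jnlp").write_text('<jnlp><resources><jar href="app.jar"/>'
                                    '<extension href="ext.jnlp"/></resources></jnlp>')
    return root / "main.jnlp"
```

Calling `audit_jnlp(main_jnlp, "JAG_CERT")` on a real mirror returns one `(jnlp, jar, signers)` tuple per jar that would be presented under a different or missing signer.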

Regarding "java - Multiple security dialogs when executing a single Java application via Web Start", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/20483241/
