Scribd Logo
Upload

Welcome to Scribd!

  • Java7u21 New Features

    Uploaded by

    Kirshi Yin
    5 views2 pages
    concepts about applets information on how to sign and verify jar files which is required by this java update

    Original Title

    Java7u21 new features

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    concepts about applets information on how to sign and verify jar files which is required by this java update

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views2 pages

    Java7u21 New Features

    Uploaded by

    Kirshi Yin
    concepts about applets information on how to sign and verify jar files which is required by this java update

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Veryfying Signed Jar files:

    jarsigner -verify jar-file


    https://docs.oracle.com/javase/tutorial/deployment/jar/verify.html
    Signing jar files:
    Your alias is "johndoe".
    The keystore you want to use is in a file named "mykeys" in the current working
    directory.
    The TSA that you want to use to time stamp the signature is located at http://ts
    a.url.example.com.
    Under these assumptions, you could use this command to sign a JAR file named app
    .jar:
    jarsigner -keystore mykeys -tsa http://tsa.url.example.com app.jar johndoe
    https://docs.oracle.com/javase/tutorial/deployment/jar/signing.html
    Java 7u21 info:
    http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.htm
    l
    Java SE 7u21 will introduce changes to Java browser plug-in behavior, encouragin
    g application authors and vendors to sign code with a certificate from a trusted
    Certificate Authority. Developers are strongly encouraged to sign code now in p
    reparation for this release and future releases. Details of the new security pr
    ompts can be found in this java.com article.
    Secutiry applets:
    https://www.java.com/en/download/help/appsecuritydialogs.xml
    Starting with 7u25, why is a signed JAR that previously worked fine now being fl
    agged as unsigned?
    Prior to 7u25, some components such as the index.list entry were allowed to be u
    nsigned. As of 7u25, all contents of a JAR must be signed. Failure to do so will
    trigger the unsigned code warning. To properly sign a jar, index entries must b
    e created before the jar is signed. For more information see 8016771. -->
    related: http://bugs.java.com/view_bug.do?bug_id=8016771
    Solution: index.list must be signed
    With 7u21 signed jars were allowed to be loaded without any unsigned warning if
    they contain unsigned index.list entry but this is not true anymore with 7u25.
    With 7u25 an extra unsigned warning message is shown if the jars are signing the
    jars first and then try to add index entries inside it.
    This issue can be resolved if changing the build routine:
    1) Create all index entries first; index.list
    2) Then try to sign all the jars

    How to create index and other commands:


    http://www.codejava.net/java-core/tools/using-jar-command-examples

    You might also like