1

After update JRE to 1.7 update45, my Eclipse(3.6) Web Start application can not be launched anymore. I try to add following security attributes in the manifest of jars to solve it.

  • Permissions: all-permissions
  • Codebase: *
  • Application-Name: Application

But after I modify the manifest of Eclipse JAR(a signed JAR) and resigned using my own certificate, it pops up exception when start-up: Invalid signature file digest for Manifest main attributes

My questions are:

  1. When use java 1.7_45, is it mandatory to add these security attributes to manifest of all application JARS(including Eclipse JARS) ?

  2. If it's mandtory, how can I add these attributes for Eclipse JARS? The Eclipse JARS are already been signed, we cannot modify the manifest easily.

Can anybody help me?

user2935615
  • 11
  • 2
  • What was the actual problem, any errors when you start your application? Post them! Which security changes should be applied? Are you doing some cryptography? Do you mean the [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files](http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)? – Manuel Oct 30 '13 at 09:44
  • 1
    possible duplicate of [How do I add Codebase, Permissions, and Application-Name to my JNLP app manifest?](http://stackoverflow.com/questions/19659134/how-do-i-add-codebase-permissions-and-application-name-to-my-jnlp-app-manifest) – trashgod Oct 30 '13 at 09:58
  • My application is RCP Web Start Application, I want to add Codebase, Permission and Application-Name to Eclipse JARS(already signed with Eclipse certificate), how can achieve it? – user2935615 Oct 31 '13 at 02:24

1 Answers1

1

Your question first:

  1. If you are going to self-sign, you should create your own keystore and tell Eclipse to use that to sign your .jars. That way you can reuse that same keystore to resign your .jars when you add the necessary manifest attributes. Don't tell Eclipse to self-sign using a generated keystore. About half-way down this page has instructions on how to create your own keystore (NOTE: this should only serve as a temporary fix, you should get away from self-signed apps. Read the bottom of this post).
  2. I could be wrong, but if you are adding your manifest attributes via a text editor, that will not work. I am not sure why, but I tried to add them via a text editor and it did not work. You should place what you need to add in a text file and add the manifest attributes via the command jar ufm dist\myApp.jar addToManifest.txt in the console.

Not your question, but important:

Self-signed keys are deprecated as of 7u25. If you work for a business or you have clients who use software, then I'd tell them you need a signed certificate from a Certificate Authority. Even a small business should be able to afford the small amount it costs for a certificate. And it's very worth it if you are a contractor (like me) with multiple clients. In fact, it will be mandatory in the future. So, bite the bullet.

EDIT: for more information about how to add manifest attributes and re-sign, visit this thread: How do I fix "missing Codebase, Permissions, and Application-Name manifest attribute" in my JNLP app?. You'll need a non-Eclipse-generated keystore, though.

Community
  • 1
  • 1
ryvantage
  • 13,064
  • 15
  • 63
  • 112