3

I am completely new to Java environment. I am facing an issue after executing a Jar file. I am using Eclipse KEPLER for Java programming. I exported my project using File->Export ->Runnable Jar file. The jar file is created. When I launched the jar using Java - jar file names. In jar I got some errors which I have attached to these questions. I looked at this invalid SHA1 signature file digest and tried the same. I am still getting the issue.

Error : Exception in thread "main" java.lang.SecurityException:invalid SHA1 Signature file digest for com/microsoft/sqlserver/jdbc/SQLServerException.class

Community
  • 1
  • 1
Karthi
  • 708
  • 1
  • 19
  • 38

3 Answers3

6

The error means that one of the JAR files on the classpath contains a MANIFEST.MF with an entry for com/microsoft/sqlserver/jdbc/SQLServerException.class and the SHA1 checksum in there doesn't match.

The first thing to check is that the JARs aren't corrupt. Since you can run the project from inside of Eclipse, they seem to be OK.

Which leaves the exported JAR. My guess is that the export process left junk in there. Open it (JAR archives are ZIP archives, so any ZIP tool will work) and look for MANIFEST.MF files.

One of them contains the entry mentioned above. When you have found it, compare it to the version from the original JAR. They must be 100% identical.

[EDIT] The option "Extract required libraries into generated JAR" has a bug: It leaves signatures in the MANIFEST.MF. The problem here is that signatures depend on the exact content of the manifest. If even a single bit changes anywhere, the signatures become corrupt. This is by design: Otherwise, an attacker could modify the code.

Try "Package required libraries into generated JAR".

If that doesn't work, you have to use the last option. When passing on the executable project, make sure you include the JAR and the sub-folder.

Aaron Digulla
  • 321,842
  • 108
  • 597
  • 820
  • Thanks. I verified the details.They are 100% Identical..SQL Server Jar file – Karthi Jan 30 '14 at 10:03
  • Sorry, I cannot get what you have said. As per your comment, I looked at MANIFEST.MF file in the Jar file I have created and the MANIFEST.MF in the sqlserver JAR. Both are similar to each other. I could not see any other MANIFEST.MF in the META-INT Folders. Do you think I am missing something here. ? – Karthi Jan 30 '14 at 10:24
  • The whole JAR archive contains a single MANIFEST.MF? There are no nested JAR archives? – Aaron Digulla Jan 30 '14 at 10:36
  • "The option "Extract required libraries into generated JAR" has a bug: It leaves signatures in the MANIFEST.MF. The problem here is that signatures depend on the exact content of the manifest. If even a single bit changes anywhere, the signatures become corrupt. This is by design: Otherwise, an attacker could modify the code." This step solved my issue. I didn't know about this earlier. thanks anyway for the help – Karthi Jan 30 '14 at 11:33
1

I solved the signature problem nonsense by

  • unpacking sqljdbc41.jar (using WinZip) removing all pairs of Name: SHA1-Digest: in MANIFEST.MF
  • deleting MSFTSIG.RSA, MSFTSIG.SF
  • repacking sqljdbc41.jar (using WinZip)
Per Lindberg
  • 737
  • 8
  • 8
0

I have removed the old sqljdbc jar and used the latest one. It solved my issue

Jag
  • 77
  • 8