Login/Register
JRE 1.7u45 unable to load an applet containing some unsigned entries
Asked Answered
javaappletsigned-applet
S

6

6

I am getting the following error while loading a java applet on JRE 1.7u45.

    java.lang.SecurityException: com.sun.deploy.net.JARSigningException: 
    Found unsigned entry in resource #name of the applet#
    at com.sun.deploy.cache.CacheEntry.getJarFile(Unknown Source) 
    at com.sun.deploy.model.ResourceProvider.getCachedJarFile(Unknown Source)
    at sun.plugin.PluginURLJarFileCallBack$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
    at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
    at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
    at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
    at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

This applet indeed contains one unsigned entry. However I cannot get this entry signed immediately because of third party technical issues.

The same applet worked fine on JRE 1.7u40, but apparently there has been some change in JRE 1.7u45 adding some additional security features.

I tried to reduce the security level in Java to medium. This works on MAC but unfortunately does not work on windows.

Any suggestions/workaround to get the applet to work would be greatly appreciated!

Shari answered 18/10, 2013 at 2:54 Comment(5)
"I cannot get this entry signed immediately because of third party technical issues." What 'issues'? One workaround is to sign those resources yourself.Involution
Hi Andrew, Thanks for your response. signing myself is not an option in my case.Shari
Oracle's notes on security changes. You may also check with the java7u45 release notes. Also is rolling back to java7 update40 an option?Skiver
Did you solve this? I have the same error in self signed jar. Applet is running fine in 1.6 and 1.7.0_b147 But get this same error in 1.7.0_55-b13Tatter
See also #17924135Pillar
L
12

You have to disable the java temporary files

In windows:

  1. control panel
  2. java
  3. General Tab
  4. Temporary Internet File
  5. Settings button
  6. List item
  7. New Dialog : Temporary Files Settings dialog
  8. disable the option : keep temporary files on my computer.
Lattermost answered 9/12, 2013 at 11:51 Comment(1)
also works for 1.7_80 Java Plug-in 10.80.2.15 Using JRE version 1.7.0_80-b15 Java HotSpot(TM) Client VMCheliform
S
5

To work around this, I just disabled Java cache on endpoint machine and the applet started working fine.

Shari answered 23/10, 2013 at 18:2 Comment(0)
P
2

If you are using libraries that are already compiled and packaged into JARs, and signed by the author, you do not have to worry about signing them. But say, you've used someone else's source code (open source hopefully) and have compiled it on your own machine, you must remove the existing signature and re-sign that package. If you are using Java applets, they must be signed now, unless you enjoy a mountain of pain.

Now, this also applies to the packaged libraries within your packaged jar. If they have already been signed, leave them alone. But if you must sign them, make sure you remove any existing certificates from the JAR file before you do so, the same way as your main applet.

Additional information that may help: Your MANIFEST.mf file in all JARs must contain entries for the the properties, as shown in the example below:

Application-Library-Allowable-Codebase: *
Permissions: all-permissions
Caller-Allowable-Codebase: * 
Codebase: *
Application-Name: POSInterface

TIP

If you're deploying a bunch of applets to a web application, I like to automate this whole process of modifying the manifest and code-signing with a batch file and text file containing the above properties that need to be in the manifest.mf file, named addToManifest.txt. Here is an example of how it's done:

@ECHO off
ECHO Changing manifest files for all...
jar ufm Applet_RFID.jar addToManifest.txt
jar ufm FingerPrintReader.jar addToManifest.txt
jar ufm jzebra.jar addToManifest.txt
jar ufm POSInterface.jar addToManifest.txt
jar ufm lib\access-bridge-32.jar addToManifest.txt
jar ufm lib\addToManifest.txt addToManifest.txt
jar ufm lib\dnsns.jar addToManifest.txt
jar ufm lib\dpuareu.jar addToManifest.txt
jar ufm lib\epsonupos.admin.jar addToManifest.txt
jar ufm lib\epsonupos.core.v1.13.0001.jar addToManifest.txt
jar ufm lib\epsonupos.H2000.jar addToManifest.txt
jar ufm lib\epsonupos.H6000IV.jar addToManifest.txt
jar ufm lib\epsonupos.jar addToManifest.txt
jar ufm lib\epsonupos.T20.jar addToManifest.txt
jar ufm lib\epsonupos.T81.jar addToManifest.txt
jar ufm lib\epsonupos.T81II.jar addToManifest.txt
jar ufm lib\epsonupos.T82.jar addToManifest.txt
jar ufm lib\epsonupos.T88V.jar addToManifest.txt
jar ufm lib\epsonupos.trace.jar addToManifest.txt
jar ufm lib\HWHydraSO.jar addToManifest.txt
jar ufm lib\jaccess.jar addToManifest.txt
jar ufm lib\jcl_editor.jar addToManifest.txt
jar ufm lib\jpos113-controls.jar addToManifest.txt
jar ufm lib\jpos113.jar addToManifest.txt
jar ufm lib\jssc_qz.jar addToManifest.txt
jar ufm lib\localedata.jar addToManifest.txt
jar ufm lib\plugin.jar addToManifest.txt
jar ufm lib\pos.jar addToManifest.txt
jar ufm lib\pos.v3.0001.jar addToManifest.txt
jar ufm lib\stario.jar addToManifest.txt
jar ufm lib\starjavapos.jar addToManifest.txt
jar ufm lib\sunec.jar addToManifest.txt
jar ufm lib\sunjce_provider.jar addToManifest.txt
jar ufm lib\sunmscapi.jar addToManifest.txt
jar ufm lib\sunpkcs11.jar addToManifest.txt
jar ufm lib\Symbol.RFID.API3.jar addToManifest.txt
jar ufm lib\uposcommon.core.v1.13.0001.jar addToManifest.txt
jar ufm lib\uposcommon.jar addToManifest.txt
jar ufm lib\xercesImpl.jar addToManifest.txt
jar ufm lib\xml-apis.jar addToManifest.txt
jar ufm lib\zipfs.jar addToManifest.txt
ECHO All JAR manifest have been altered.
PAUSE
ECHO Signing all Applets...
jarsigner Applet_RFID.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner FingerPrintReader.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner jzebra.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner POSInterface.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\access-bridge-32.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\-keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\dnsns.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\dpuareu.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.admin.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.core.v1.13.0001.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.H2000.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.H6000IV.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T20.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T81.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T81II.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey> 
jarsigner lib\epsonupos.T82.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.T88V.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\epsonupos.trace.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\HWHydraSO.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jaccess.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jcl_editor.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jpos113-controls.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jpos113.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\jssc_qz.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey> 
jarsigner lib\localedata.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\plugin.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\pos.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\pos.v3.0001.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\stario.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\starjavapos.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey> 
jarsigner lib\sunec.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunjce_provider.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunmscapi.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\sunpkcs11.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\Symbol.RFID.API3.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\uposcommon.core.v1.13.0001.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\uposcommon.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\xercesImpl.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\xml-apis.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
jarsigner lib\zipfs.jar -keystore "C:\Certificate\YourCertificate.key" <keystoreName> -storepass <SecretKey>
ECHO All JAR files have been signed.
PAUSE
Paleoasiatic answered 8/5, 2014 at 19:52 Comment(0)
B
0

I had a problem with Java Web Start, where some JAR files contained unsigned resources. I had to delete the unsigned resources from the JAR and then resign the JAR.

Benison answered 21/10, 2013 at 17:18 Comment(0)
K
0

I had to uninstall all versions of Java, reinstall the latest version, clear the prompts, then add the website it was having as a trusted site. After that, the Java app loaded fine.

Kingcup answered 22/4, 2014 at 18:20 Comment(0)
B
-1

there is a simple solution that have just worked for me - unsign all jars.

Not the most elegant solution, since Oracle is trying to insist on signed code.

Brod answered 18/10, 2013 at 14:21 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.