Java Web Start(JWS)说它无法启动我的应用程序,因为jar文件是无符号的:
Error: Unsigned application requesting unrestricted access to system
Unsigned resource: .../dynaccn.jar
但jar文件 is 已签名:
$ jarsigner -keystore ... dynaccn.jar idv
$ jar tf dynaccn.jar
META-INF/MANIFEST.MF
META-INF/IDV.SF
META-INF/IDV.RSA
META-INF/
edu/
edu/ucar/
edu/ucar/unidata/
edu/ucar/unidata/dynaccn/
App$1.class
...
$ jarsigner -verbose -certs -verify dynaccn.jar
28325 Tue Aug 17 09:41:58 MDT 2010 META-INF/MANIFEST.MF
28404 Tue Aug 17 09:41:58 MDT 2010 META-INF/IDV.SF
2880 Tue Aug 17 09:41:58 MDT 2010 META-INF/IDV.RSA
0 Tue Aug 17 09:41:58 MDT 2010 META-INF/
0 Mon Aug 16 10:10:34 MDT 2010 edu/
0 Mon Aug 16 10:10:34 MDT 2010 edu/ucar/
0 Mon Aug 16 10:10:34 MDT 2010 edu/ucar/unidata/
0 Mon Aug 16 10:10:34 MDT 2010 edu/ucar/unidata/dynaccn/
...
sm 486 Mon Aug 16 10:10:34 MDT 2010 App$1.class
X.509, CN=University Corporation for Atmospheric Research, OU=UNIDATA, O=University Corporation for Atmospheric Research, L=Boulder, ST=Colorado, C=US
[certificate will expire on 2/6/11 4:59 PM]
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
[certificate is valid from 8/5/03 6:00 PM to 8/5/13 5:59 PM]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 7/31/96 6:00 PM to 12/31/20 4:59 PM]
[CertPath not validated: null]
...
jar verified.
Warning:
This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.
This jar contains entries whose signer certificate will expire within six months.
This jar contains entries whose certificate chain is not validated.
This jar contains signed entries that's not signed by alias in this keystore.
JWS和我的浏览器都有“Thawte Premium Server CA”证书 .
即使JWS缓存和浏览器下载区域为空,也会出现此问题 .
我不相信“KeyUsage”消息是相关的,因为1)相同的证书链用于另一个成功启动的应用程序; 2)我读过的文档表明Thawte Code Signing CA仅用于验证UNIDATA证书而不用于签署代码 .
我的环境是Linux 2.6.27.41-170.2.117.fc10.x86_64,Firefox 3.6.8(i686)和Java 1.7.0-ea .
为什么这个应用程序不会启动?
更新:我发现如果JNLP文件中的“codebase”属性引用本地目录,则启动应用程序,但如果它引用了位于用户身份验证之后的URL,则不会启动 . 在后一种情况下,如果从命令行调用,javaws(1)将认证网页解释为JNLP文件(具有明显的结果) . 如果来自用户身份验证网页的“deployJava”脚本调用(以便浏览器具有会话cookie),则javaws(1)表示该应用程序未签名 . 我发现这两种失败模式都很奇怪,因为javaws(1)文档说它理解用户验证网页并且jar文件已签名 .