Applet - 仅有1.6.0_45的签名和未签名代码警告消息

时间:2013-05-15 09:00:37

标签: java security jar applet signed

我正在使用遗留代码,其中登录是通过applet执行的(因为我评论它是遗留代码; D)。我们一直在使用几个JRE版本(1.6.0_29,30和43),所有版本都没有任何问题。但客户要求使用1.6.0_45 JRE版本。从那时起,当要执行登录小程序时,将向用户显示警告消息,该消息显示在this link中。

Applet背后的JAR使用来自CA的证书进行签名,并且该JAR的验证会产生以下结果:

         636 Tue May 14 15:57:56 CEST 2013 META-INF/MANIFEST.MF
         702 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.SF
        4669 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.RSA
           0 Tue May 14 15:57:58 CEST 2013 META-INF/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/
smk     2829 Tue Jul 03 14:02:34 CEST 2012 META-INF/maven/folder0/folder1/pom.xml

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk      120 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/pom.properties

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

           0 Tue May 14 15:57:58 CEST 2013 folder2/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/
           0 Tue May 14 15:57:58 CEST 2013 folder2/utils/
smk     4811 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/pwapplt.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk     2185 Tue May 14 15:57:58 CEST 2013 folder2/utils/MyCrypter.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk      630 Tue May 14 15:57:58 CEST 2013 folder2/utils/MySecurityManager.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]


  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

this other thread中,我看到MANIFEST.MF也已签名,但在我的JAR中却没有。这可能是用户获取警告消息的原因吗?为什么MANIFEST.MF文件无法签名?

如果以上不是问题,那么,如果JAR被正确签名并且其所有重要内容都已签名,为什么JRE会显示警告消息以指示应用程序包含已签名和未签名的代码?

我知道我可以在JAR清单中使用Trusted-Library属性来避免该消息,但我想知道是什么引起了它的显示。

有什么想法吗?任何贡献将不胜感激。

提前非常感谢你!

0 个答案:

没有答案