我正在使用遗留代码,其中登录是通过applet执行的(因为我评论它是遗留代码; D)。我们一直在使用几个JRE版本(1.6.0_29,30和43),所有版本都没有任何问题。但客户要求使用1.6.0_45 JRE版本。从那时起,当要执行登录小程序时,将向用户显示警告消息,该消息显示在this link中。
Applet背后的JAR使用来自CA的证书进行签名,并且该JAR的验证会产生以下结果:
636 Tue May 14 15:57:56 CEST 2013 META-INF/MANIFEST.MF
702 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.SF
4669 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.RSA
0 Tue May 14 15:57:58 CEST 2013 META-INF/
0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/
0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/
0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/
smk 2829 Tue Jul 03 14:02:34 CEST 2012 META-INF/maven/folder0/folder1/pom.xml
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
smk 120 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/pom.properties
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
0 Tue May 14 15:57:58 CEST 2013 folder2/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/
0 Tue May 14 15:57:58 CEST 2013 folder2/utils/
smk 4811 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/pwapplt.class
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
smk 2185 Tue May 14 15:57:58 CEST 2013 folder2/utils/MyCrypter.class
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
smk 630 Tue May 14 15:57:58 CEST 2013 folder2/utils/MySecurityManager.class
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
在this other thread中,我看到MANIFEST.MF也已签名,但在我的JAR中却没有。这可能是用户获取警告消息的原因吗?为什么MANIFEST.MF文件无法签名?
如果以上不是问题,那么,如果JAR被正确签名并且其所有重要内容都已签名,为什么JRE会显示警告消息以指示应用程序包含已签名和未签名的代码?
我知道我可以在JAR清单中使用Trusted-Library属性来避免该消息,但我想知道是什么引起了它的显示。
有什么想法吗?任何贡献将不胜感激。
提前非常感谢你!