我的公司有一个Java应用程序,我们最近开始使用Godaddy证书签名。这是通过Web Start部署的应用程序。我一直在jdk 7u45上测试它。正如所料,我得到一个安全对话框,要求我为发布者(我的公司)安装证书。这很好,但随后又有两个安全对话框警告我,我正在执行一个未知发布者的应用程序。所以这实际上是一个两部分问题:
我不确定哪些其他信息可用于诊断此问题,但如果它有用,我可以提供更多信息。
编辑:我使用Maven构建应用程序,自动执行代码签名。 Maven的默认签名程序可能出现问题,但我不确定那会是什么。
更新:在运行Jcs的命令并检查Maven日志之后,就我所知,看起来所有内容都已签名并在清单中。除清单外,每个文件都报告smk(显然是sk)。
更新:我确实在Maven日志中找到了一些依赖项:
[debug] Executing: /bin/sh -c "cd /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp && /var/lib/jenkins/tools/hudson.model.JDK/jdk7u25/jre/../bin/jarsigner -verify /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/unprocessed_equinox-common-3.6.0.jar"
[info] jar verified.
[info]
[info] Warning:
[info] This jar contains entries whose signer certificate has expired.
[info] This jar contains entries whose certificate chain is not validated.
[info]
[info] Re-run with the -verbose and -certs options for more details.
[INFO] remove signature from : /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/unprocessed_equinox-common-3.6.0.jar
[info] remove file :/var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/temp_extracted_jars/unprocessed_equinox-common-3.6.0.jar/META-INF/ECLIPSEF.SF
[info] remove file :/var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/temp_extracted_jars/unprocessed_equinox-common-3.6.0.jar/META-INF/ECLIPSEF.RSA
[INFO] Building jar: /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/unprocessed_equinox-common-3.6.0.jar
我不知道“未经处理”是什么意思,但是标题中没有“未处理”的同一个jar“equinox-common”会出现在构建版本的后面,以便正确签名:
../bin/jarsigner -verify -verbose /var/lib/jenkins/workspace/jaguar/jaguar-core/target/jnlp/lib/equinox-common-3.6.0.jar"
[info]
[info] s 7814 Tue Dec 10 10:42:46 CST 2013 META-INF/MANIFEST.MF
[info] 7940 Tue Dec 10 10:42:46 CST 2013 META-INF/JAG_CERT.SF
[info] 4247 Tue Dec 10 10:42:46 CST 2013 META-INF/JAG_CERT.RSA
[info] 0 Tue Dec 10 10:40:28 CST 2013 META-INF/
[info] sm 76 Thu Jun 24 08:53:50 CDT 2010 META-INF/eclipse.inf
[info] sm 1746 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/SubMonitor$RootInfo.class
[info] sm 301 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IProgressMonitorWithBlocking.class
[info] sm 6213 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/PluginVersionIdentifier.class
[info] sm 1582 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/CoreException.class
[info] sm 3918 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/Status.class
[info] sm 187 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IAdaptable.class
[info] sm 1194 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/NullProgressMonitor.class
[info] sm 2110 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ProgressMonitorWrapper.class
[info] sm 384 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IBundleGroup.class
[info] sm 2499 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/SafeRunner.class
[info] sm 1560 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/QualifiedName.class
[info] sm 4912 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/SubMonitor.class
[info] sm 2646 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/MultiStatus.class
[info] sm 253 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ISafeRunnable.class
[info] sm 237 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ILogListener.class
[info] sm 1896 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/ListenerList.class
[info] sm 575 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IStatus.class
[info] sm 722 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/PlatformObject.class
[info] sm 258 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IBundleGroupProvider.class
[info] sm 572 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/OperationCanceledException.class
[info] sm 860 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IAdapterManager.class
[info] sm 2725 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/FileLocator.class
[info] sm 263 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IAdapterFactory.class
[info] sm 6756 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/URIUtil.class
[info] sm 431 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IProgressMonitor.class
[info] sm 484 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/AssertionFailedException.class
[info] sm 1508 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/IPath.class
[info] sm 1350 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/Assert.class
[info] sm 2431 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/runtime/SubProgressMonitor.class
[info] sm 14651 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/runtime/Path.class
[info] sm 3255 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/boot/PlatformURLHandler.class
[info] sm 2092 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/boot/PlatformURLBaseConnection.class
[info] sm 11789 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/boot/PlatformURLConnection.class
[info] sm 1293 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLConverter.class
[info] sm 7591 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/FindSupport.class
[info] sm 3034 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/core/internal/runtime/commonMessages.properties
[info] sm 2951 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLFragmentConnection.class
[info] sm 2705 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/DevClassPathHelper.class
[info] sm 675 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/MetaDataKeeper.class
[info] sm 1717 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PrintStackUtil.class
[info] sm 1423 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/LocalizationUtils.class
[info] sm 5419 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ResourceTranslator.class
[info] sm 9033 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/AdapterManager.class
[info] sm 1951 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/CommonMessages.class
[info] sm 1218 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$StrongReference.class
[info] sm 390 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/IRuntimeConstants.class
[info] sm 3672 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLMetaConnection.class
[info] sm 5094 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet.class
[info] sm 2741 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/RuntimeLog.class
[info] sm 10406 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/Activator.class
[info] sm 1895 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$HashableSoftReference.class
[info] sm 240 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/IAdapterManagerProvider.class
[info] sm 1785 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$HashableWeakReference.class
[info] sm 4032 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLPluginConnection.class
[info] sm 271 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/IAdapterFactoryExt.class
[info] sm 6107 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/DataArea.class
[info] sm 3649 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/PlatformURLConfigConnection.class
[info] sm 330 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/internal/runtime/ReferenceHashSet$HashedReference.class
[info] sm 780 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/equinox/events/MemoryEventConstants.class
[info] sm 604 Wed May 20 16:19:18 CDT 2009 plugin.properties
[info] sm 641 Thu Jun 24 08:39:44 CDT 2010 .api_description
[info] sm 1432 Sat Jun 03 09:14:58 CDT 2006 about.html
[info] 0 Thu Jun 24 08:34:46 CDT 2010 org/
[info] 0 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/
[info] 0 Thu Jun 24 08:34:46 CDT 2010 org/eclipse/core/
[info] 0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/runtime/
[info] 0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/internal/
[info] 0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/internal/boot/
[info] 0 Tue Dec 10 10:40:28 CST 2013 org/eclipse/core/internal/runtime/
[info] 0 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/equinox/
[info] 0 Thu Jun 24 08:34:48 CDT 2010 org/eclipse/equinox/events/
[info]
[info] s = signature was verified
[info] m = entry is listed in manifest
[info] k = at least one certificate was found in keystore
[info] i = at least one certificate was found in identity scope
[info]
[info] jar verified.
答案 0 :(得分:0)
答案结果比我想象的要简单。我们通过Web Start(jnlp)部署我们的应用程序。主jnlp引用其他jnlps,其中包含不由我们的构建系统管理的外部库,因此未使用经过验证的证书进行签名。我不知道这些依赖关系,因为我不是最初创建应用程序的人。有两个依赖项,每个依赖项都会导致单独的安全对话框。
总结:此问题的原因是由未经验证的证书签名的外部依赖项,这些依赖项不是由maven构建过程管理,而是通过唯一的jnlps引用。