我绞尽脑汁想知道为什么当我使用以前使用过的代码签名证书对我的 JAR 进行签名时,我仍然会看到一个 Java 安全应用程序被阻止的对话框,其中规定我的应用程序是自签名的:
但是,当我从一台我没有用来签署应用程序的机器上运行 jarsigner verify 命令时(为了匿名,将实际公司名称替换为 Acme):
jarsigner -verify -certs -verbose RegistrySafeLauncher.jar
s 821 Wed Oct 21 09:25:42 BST 2015 META-INF/MANIFEST.MF
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
561 Wed Oct 21 09:25:42 BST 2015 META-INF/MYKEY.SF
5345 Wed Oct 21 09:25:42 BST 2015 META-INF/MYKEY.RSA
0 Wed Oct 21 09:25:44 BST 2015 META-INF/
0 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/
sm 1067 Wed Oct 21 09:25:42 BST 2015 META-INF/INDEX.LIST
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
sm 1441 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/RegistrySafeLauncher$1.class
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
sm 1765 Wed Oct 21 09:25:44 BST 2015 registrysafelauncher/RegistrySafeLauncher.class
X.509, CN="Acme Software, Inc.", OU=Acme Software Corp, OU=Digital ID Class 3 - Java Object Signing, O="Acme Software, Inc.", L=Sunnyvale, ST=California, C=US
[certificate is valid from 11/5/13 12:00 AM to 11/4/16 11:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/8/10 12:00 AM to 2/7/20 11:59 PM]
X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 11/8/06 12:00 AM to 11/7/21 11:59 PM]
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 1/29/96 12:00 AM to 8/3/28 12:59 AM]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2016-11-04) or after any future revocation date.
构建的 JAR 中的 list 文件如下所示:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.9.4
X-COMMENT: Main-Class will be added automatically by build
Application-Library-Allowable-Codebase: *.acme.net http://localhost*
Application-Name: RegistrySafeLauncher
Class-Path: lib/jna-4.2.0.jar lib/jna-platform-4.2.0.jar
Permissions: all-permissions
Created-By: 1.7.0_80-b15 (Oracle Corporation)
Caller-Allowable-Codebase: *.acme.net http://localhost*
Main-Class: registrysafelauncher.RegistrySafeLauncher
Codebase: *
Name: registrysafelauncher/RegistrySafeLauncher.class
SHA-256-Digest: lA2UH1iNCFqmNeXTlD/5Gik+DGfkA64F34T3i6ArSEM=
Name: registrysafelauncher/RegistrySafeLauncher$1.class
SHA-256-Digest: kNyCx9f9FwWHAV/Mf4D+9KIJJfFHdcrTUNnEdiXwWmw=
Name: META-INF/INDEX.LIST
SHA-256-Digest: 7A/Nhqqvf7wBQNaAj0actnzwuWocUJv6R8/+QZyURmw=
我错过了什么?我的 list 文件中是否遗漏了某些内容,或者指向 CA (VeriSign) 的链接是否在我正在构建的机器上不正确?
****** 稍后更新:******
在处理我的 jnlp 文件后,它看起来像这样:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<jnlp codebase="http://localhost/jnlptestcaller" href="launch.aspx" spec="1.0+">
<information>
<title>RegistrySafeLauncher</title>
<vendor>Acme Software, Inc.</vendor>
<homepage href=""/>
<description>RegistrySafeLauncher</description>
<description kind="short">RegistrySafeLauncher</description>
</information>
<update check="background"/>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.7+"/>
<jar href="RegistrySafeLauncher.jar" main="true"/>
<jar href="lib/jna-4.2.0.jar"/>
<jar href="lib/jna-platform-4.2.0.jar"/>
</resources>
<application-desc main-class="registrysafelauncher.RegistrySafeLauncher">
<argument>JavaAgent.jnlp.aspx</argument>
</application-desc>
</jnlp>
我现在收到这个略有不同的安全警告:
我怎样才能摆脱这个警告?
最佳答案
As of Java 7 update 51 self-signed certificates will be blocked .
正如链接页面所讨论的那样,有许多资源可用于“正确实现安全实践”:
虽然这不是通用解决方案(因为您不应该期望用户这样做),但为了快速修复:
you can use the Exception Site list feature to run the applications blocked by security settings. Adding the URL of the blocked application to the Exception Site list allows it to run with some warnings.
关于java - 已签名的 JAR 被 Java 安全阻止,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33434268/
我需要在客户计算机上运行Ruby应用程序。通常需要几天才能完成(复制大备份文件)。问题是如果启用sleep,它会中断应用程序。否则,计算机将持续运行数周,直到我下次访问为止。有什么方法可以防止执行期间休眠并让Windows在执行后休眠吗?欢迎任何疯狂的想法;-) 最佳答案 Here建议使用SetThreadExecutionStateWinAPI函数,使应用程序能够通知系统它正在使用中,从而防止系统在应用程序运行时进入休眠状态或关闭显示。像这样的东西:require'Win32API'ES_AWAYMODE_REQUIRED=0x0
我正在编写一个小脚本来定位aws存储桶中的特定文件,并创建一个临时验证的url以发送给同事。(理想情况下,这将创建类似于在控制台上右键单击存储桶中的文件并复制链接地址的结果)。我研究过回形针,它似乎不符合这个标准,但我可能只是不知道它的全部功能。我尝试了以下方法:defauthenticated_url(file_name,bucket)AWS::S3::S3Object.url_for(file_name,bucket,:secure=>true,:expires=>20*60)end产生这种类型的结果:...-1.amazonaws.com/file_path/file.zip.A
我真的很习惯使用Ruby编写以下代码:my_hash={}my_hash['test']=1Java中对应的数据结构是什么? 最佳答案 HashMapmap=newHashMap();map.put("test",1);我假设? 关于java-等价于Java中的RubyHash,我们在StackOverflow上找到一个类似的问题: https://stackoverflow.com/questions/22737685/
我正在尝试使用boilerpipe来自JRuby。我看过guide从JRuby调用Java,并成功地将它与另一个Java包一起使用,但无法弄清楚为什么同样的东西不能用于boilerpipe。我正在尝试基本上从JRuby中执行与此Java等效的操作:URLurl=newURL("http://www.example.com/some-location/index.html");Stringtext=ArticleExtractor.INSTANCE.getText(url);在JRuby中试过这个:require'java'url=java.net.URL.new("http://www
在Ruby中是否有Gem或安全删除文件的方法?我想避免系统上可能不存在的外部程序。“安全删除”指的是覆盖文件内容。 最佳答案 如果您使用的是*nix,一个很好的方法是使用exec/open3/open4调用shred:`shred-fxuz#{filename}`http://www.gnu.org/s/coreutils/manual/html_node/shred-invocation.html检查这个类似的帖子:Writingafileshredderinpythonorruby?
我只想对我一直在思考的这个问题有其他意见,例如我有classuser_controller和classuserclassUserattr_accessor:name,:usernameendclassUserController//dosomethingaboutanythingaboutusersend问题是我的User类中是否应该有逻辑user=User.newuser.do_something(user1)oritshouldbeuser_controller=UserController.newuser_controller.do_something(user1,user2)我
什么是ruby的rack或python的Java的wsgi?还有一个路由库。 最佳答案 来自Python标准PEP333:Bycontrast,althoughJavahasjustasmanywebapplicationframeworksavailable,Java's"servlet"APImakesitpossibleforapplicationswrittenwithanyJavawebapplicationframeworktoruninanywebserverthatsupportstheservletAPI.ht
这篇文章是继上一篇文章“Observability:从零开始创建Java微服务并监控它(一)”的续篇。在上一篇文章中,我们讲述了如何创建一个Javaweb应用,并使用Filebeat来收集应用所生成的日志。在今天的文章中,我来详述如何收集应用的指标,使用APM来监控应用并监督web服务的在线情况。源码可以在地址 https://github.com/liu-xiao-guo/java_observability 进行下载。摄入指标指标被视为可以随时更改的时间点值。当前请求的数量可以改变任何毫秒。你可能有1000个请求的峰值,然后一切都回到一个请求。这也意味着这些指标可能不准确,你还想提取最小/
HashMap中为什么引入红黑树,而不是AVL树呢1.概述开始学习这个知识点之前我们需要知道,在JDK1.8以及之前,针对HashMap有什么不同。JDK1.7的时候,HashMap的底层实现是数组+链表JDK1.8的时候,HashMap的底层实现是数组+链表+红黑树我们要思考一个问题,为什么要从链表转为红黑树呢。首先先让我们了解下链表有什么不好???2.链表上述的截图其实就是链表的结构,我们来看下链表的增删改查的时间复杂度增:因为链表不是线性结构,所以每次添加的时候,只需要移动一个节点,所以可以理解为复杂度是N(1)删:算法时间复杂度跟增保持一致查:既然是非线性结构,所以查询某一个节点的时候
遍历文件夹我们通常是使用递归进行操作,这种方式比较简单,也比较容易理解。本文为大家介绍另一种不使用递归的方式,由于没有使用递归,只用到了循环和集合,所以效率更高一些!一、使用递归遍历文件夹整体思路1、使用File封装初始目录,2、打印这个目录3、获取这个目录下所有的子文件和子目录的数组。4、遍历这个数组,取出每个File对象4-1、如果File是否是一个文件,打印4-2、否则就是一个目录,递归调用代码实现publicclassSearchFile{publicstaticvoidmain(String[]args){//初始目录Filedir=newFile("d:/Dev");Datebeg