Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Java Webstart Certificate Issue with JNLP versioning

Hi I have a problem with Java Webstart. We hav a JNLP configuration where versioning is enabled ie:

 <property name="jnlp.versionEnabled" value="true"/>

and we are using version numbers of each jar eg:

<jar href="project.jar" version="2.5.7.0"/>.

We are also are signing our application jars using a Maven Jar signer plugin.

All good so far you say.

Well each time we do a new release of the application we change the JNLP file with the new version numbers for each jar (not all jars change versions) but as with the project.jar example above lets says this version number is incremented from 2.5.7.0 to 2.5.7.1. eg

<jar href="project.jar" version="2.5.7.1"/>.

When our users download the new application via the JNLP file they receive the following error:

#### Java Web Start Error:
#### JAR resources in JNLP file are not signed by same certificate

I have added additional DEBUG to Webstart and have found the following error in the Java Concole:

security: Validating cached jar url=http://servername/lib/project_V2.5.7.1.jar ffile=C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache\6.0\10\57344cca-719709af-2.5.7.1- com.sun.deploy.cache.CachedJarFile@11e1bbf
security: Have 0 common certificates after processing http://servername/lib/project.jar
network: Remove cache entry: http:///lib/project__V2.5.7.1.jar

It appears that Webstart is trying to check the local cache for a jar named project_V2.5.7.1.jar (which does not exist), since it is part of the new release/download.

As it can't find the JAR it assumes that the certificates do not match - hence the error:

JAR resources in JNLP file are not signed by same certificate.

I'm assuming that this is Webstart error! which is causing us a lot pain as we have to manually clear the webstart cache now before each release - for every user.

Anyone have a similar problem?

like image 574
user1539726 Avatar asked Nov 14 '22 01:11

user1539726


1 Answers

I think based on my experience what might be happening is that once you increment the version number from 2.5.7.0 to 2.5.7.1 and you sign the jar again without removing the older manifest entry then the webstart tends to think that the resources are not signed by the same certificate. One thing you can try which might help is:

Unzip the jar causing trouble, purge all META-INF directories from it, jar it and sign it again.

Let me know if this helps.

like image 199
user1420750 Avatar answered Dec 01 '22 00:12

user1420750