
java.lang.SecurityException with reflection

Before you go duplicating this question, I'll explain to you what I know, what I've read in other questions, and why this is not working for me.

My goal with this is to implement reflection on a Java-based game that I have the .jar for. I attach it as an external library in my Eclipse project.

I am getting the error

java.lang.SecurityException: class "Client"'s signer information does not match signer information of other classes in the same package

on the line

Class clazz = Client.class;

Now, as mentioned in other questions, the reason for this error is that I have two referenced libraries that were signed differently? (Perhaps meaning they are compiled with different versions of Java?)

The only two libraries I reference are the JRE system (my project is built on 1.7) and the .jar of the game.

Would this error be occurring maybe if the .jar was compiled on 1.6? Should I remake my project as using the JRE 1.6? How can I tell what JRE version the client was compiled with?

Thanks!

Edit: Another thought I had is perhaps the .jar file of the game itself has classes that have different signatures (perhaps to stop reflection). Is this possible?

k9b asked Apr 05 '15 01:04


1 Answer

What I would assume is the following.

You have in the (signed) game jar the following

the/game/Client.class

and in your (probably unsigned) reflection code you have

the/game/ReflectionStuff.class

This would cause the exception above.

edit

Find below a small PoC to demonstrate the problem. The first class called from a specific package defines the signed key which must be the same for all classes in the same package.

public class Client {
}

public class ReflectionStuff {
    public static void main(String[] args) {
        Class clazz = Client.class;
    }
}

compile the code

mkdir bin
javac -d bin/ Client.java ReflectionStuff.java

create the jar files

jar cf Game.jar -C bin/ Client.class
jar cf Reflection.jar -C bin/ ReflectionStuff.class

generate a key for the signing

keytool -genkey -alias signGame -keystore gamestore.jks -storepass passStore -keypass passGame -dname "CN=John Doe"

sign only the game jar

jarsigner -keystore gamestore.jks -storepass passStore -keypass passGame -signedjar SignedGame.jar Game.jar signGame

call the unsigned class from the same package (the default package)

java -cp SignedGame.jar;Reflection.jar ReflectionStuff

To solve the problem move the classes into different Java packages.

SubOptimal answered Sep 27 '22 17:09
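A diagnostic for the situation described in the answer above, added here as an example and not part of the original post: given jar paths as arguments, it reports per package which signer each jar's classes carry, along with the class file major version (which shows what Java version the classes target). The class name `PackageSignerCheck` is chosen for this example; it assumes Java 8 or later and that the classes are packaged as jars.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;
// Added example (not from the original post). Usage: java PackageSignerCheck SignedGame.jar Reflection.jar
public class PackageSignerCheck {
    public static void main(String[] args) throws Exception {
        // package -> signer description -> jars contributing classes with that signer
        Map<String, Map<String, Set<String>>> byPackage = new TreeMap<>();
        for (String path : args) {
            try (JarFile jar = new JarFile(path, true)) {   // true = verify signatures
                for (JarEntry e : Collections.list(jar.entries())) {
                    String name = e.getName();
                    if (!name.endsWith(".class") || name.startsWith("META-INF/")) continue;
                    int major;
                    try (DataInputStream in = new DataInputStream(jar.getInputStream(e))) {
                        in.readInt(); in.readUnsignedShort(); // magic 0xCAFEBABE, minor version
                        major = in.readUnsignedShort();       // 50 = Java 6, 51 = Java 7, 52 = Java 8
                        byte[] buf = new byte[8192];
                        while (in.read(buf) != -1) { }        // signers are only available after a full read
                    }
                    int slash = name.lastIndexOf('/');
                    String pkg = slash < 0 ? "(default package)" : name.substring(0, slash).replace('/', '.');
                    byPackage.computeIfAbsent(pkg, k -> new TreeMap<>())
                             .computeIfAbsent(describe(e.getCodeSigners()), k -> new TreeSet<>())
                             .add(path + " (class file major version " + major + ")");
                }
            }
        }
        for (Map.Entry<String, Map<String, Set<String>>> p : byPackage.entrySet()) {
            // More than one signer description in a package is the condition behind the SecurityException.
            System.out.println((p.getValue().size() > 1 ? "MIXED  " : "ok     ") + p.getKey());
            for (Map.Entry<String, Set<String>> s : p.getValue().entrySet())
                System.out.println("    " + s.getKey() + " <- " + s.getValue());
        }
    }
    static String describe(CodeSigner[] signers) throws Exception {
        if (signers == null) return "unsigned";
        Set<String> ids = new TreeSet<>();
        for (CodeSigner s : signers) {
            // First certificate in the path is the signer's own; fingerprint it so equal DNs with different keys differ.
            X509Certificate c = (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
            byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            ids.add(c.getSubjectX500Principal().getName() + " sha256:" + new BigInteger(1, d).toString(16));
        }
        return "signed by " + ids;
    }
}
```

Run against the two jars from the PoC, the default package is reported as MIXED, with one entry for the signed game jar and one "unsigned" entry for the reflection jar.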