Signed Applet does not load
I've a simple HelloWorld applet, I am embedding that in the HTML. It worked fine. But I put the applet in the jar and signed the jar, but it does not load saying "Self signed jars can't be supported" I am signing using ICA issued cert. More over we never faced this issue before 1.7.51 version. BTW : I went through Oracle Documentation on adding parameters
According to it I tried to add following attributes in the signed MANIFEST.MF namely : Permissions: sandbox, Trusted-Library: true but this also did not help. I am not sure I'am missing something.
Manifest looks like this :
Manifest-Version: 1.0
Trusted-Library: true
Permissions: all-permissions
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Codebase: *
Created-By: 1.7.0_45 (Oracle Corporation)
Name: HelloWorld$1.class
SHA1-Digest: xcxzcbxzcbxzcbxzcb=
Name: HelloWorld.class
SHA1-Digest: xaadfasfdasdfsafd=
Adding console logs :
com.sun.deploy.security.BlockedException: Your security settings have blocked a self-signed application from running
at com.sun.deploy.security.SandboxSecurity.showBlockedDialog(Unknown Source)
at com.sun.deploy.security.TrustDecider.askUser(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
Thanks.
JE
Solution
Well I found the solution for this :
Check following three things.
1) Certificate has valid chain upto root and CA/ICA are public root.
2) Manifest.MF must have 2 attributes.
- Codebase: < location/hostname on which you are going to deploy your jar>
- Permissions: One of two values (Sandbox or all-permissions)
Check more information here.
- How to gain root access to Xcode to Disable Code Signing
- Signing files using Inno Setup with the signonce flag
- Automate Extended Validation (EV) code signing with Yubico Yubikey
- Automate Extended Validation (EV) code signing with SafeNet eToken
- Install4J 10.0.9 code signing via post processor and jsign "Unsupported file"
- MSBuild cannot sign a ClickOnce manifest using a temporary key (errors MSB3326 and MSB3321)
- "Unknown Publisher" on non-domain machine using AD-created code signing certificate
- How to get multiple Authenticode signatures from an executable?
- Resign IPA from development to enterprise
- How to get a "codesigned" gdb on OSX?
- Signing product flavors with gradle
- Code signing: which timestamp servers are more reliable?
- How do I create timestamp url or where can I find free timestamp url for MSIX app packages
- How to code sign the Inno Setup uninstaller using cloud service?
- Azure trusted signing Identity validation process stuck due to inability to upload required documents
- How can i remove signing from Powershell?
- How can I invoke Azure Trusted Signing from a Linux OS?
- Codesigning a program that runs with MPI
- Inno Setup code signing not applying for all the files. How to fix that?
- Missing signing identifier when creating an archive for an ios app containing a static library built with cmake
- Code signing issue with SPM Dynamic Library
- Where is SignTool /d info (description of the signed content) used/displayed?
- Cannot find provisioning profile for Mac Catalyst App
- Code Signing "No account for team" message when signing for different developer account
- Profile doesn't match the entitlements file's value for the application-identifier entitlement
- "Warning: unable to build chain to self-signed root for signer" warning in Xcode 9.2
- Tauri/Angular App for MacOS - After adding Signing, running bash script shuts down whole app
- How does one correctly dual-sign code with a timestamp?
- Remove the strong name from 3rd party assemblies?
- How to export Sectigo Code Signing Certificate to PFX for Electron Forge's Windows Code Signing?