I am pursuing trying to launch a Java Webstart JNLP program without striking fear into the hearts of those that use it.
I have a valid certificate and keystore, and launching the JNLP confirms that the certificate side is all OK.
However, like many I seem to be getting the message "Althought the application has a digital signature, the application's associated file(JNLP) does not have one. A digital signature ensures that a file is from the vendor and that it has not been altered."
Reading the JNLP Spec (JSR-56)
Section 5.4.1 SIGNING OF JNLP FILES states:
A JNLP file can optionally be signed. A JNLP Client must check if a signed version of the JNLP file
exists, and if so, verify that it matches the JNLP file that is used to launch the application. If it does not
match, then the launch must be aborted. If no signed JNLP file exists, then the JNLP file is not signed,
and no check needs to be performed.
A JNLP file is signed by including a copy of it in the signed main JAR file. The copy must match the JNLP file used to launch the application. The signed copy must be named:JNLP- INF/APPLICATION.JNLP. The APPLICATION.JNLPfilename should be generated in upper case, but should be recognized in any case. The signed JNLP file must be compared byte-wise against the JNLP file used to launch the application. If the two byte streams are identical, then the verification succeeds, otherwise it fails. As described above, a JNLP file is not required to be signed in order for an application to be signed. This is similar to the behavior of Applets, where the Applet tags in the HTML pages are not signed, even when granting unrestricted access to the Applet
And I confess much of the paragraph isn't exactly clear to a newbie like me.
So maybe this is extremely basic - but where exactly should the JNLP-INF/APPLICATION.JNLP go ?
I am using eclipse, and I have about 25 jars (ext and lib). Is JNLP-INF some standard folder name and location? My manifest.mf is located in a "build" folder where my ant resides. I have tried copying my jnlp as APPLICATION.JNLP into this directory, but that did not resolve the JNLP not signed message.
I have also created a folder called JNLP-INF where the main class is (and therefore I thought would be signed in the jar) but... no go.
Very frustrating but luckily not a huge deal or priority, I have many more things to learn so JAVA will keep me plenty busy for years to come
JavaWS: Version 6.0.260.2
JavaJRE: Version 1.6.0_26
I have a valid certificate and keystore, and launching the JNLP confirms that the certificate side is all OK.
However, like many I seem to be getting the message "Althought the application has a digital signature, the application's associated file(JNLP) does not have one. A digital signature ensures that a file is from the vendor and that it has not been altered."
Reading the JNLP Spec (JSR-56)
Section 5.4.1 SIGNING OF JNLP FILES states:
A JNLP file can optionally be signed. A JNLP Client must check if a signed version of the JNLP file
exists, and if so, verify that it matches the JNLP file that is used to launch the application. If it does not
match, then the launch must be aborted. If no signed JNLP file exists, then the JNLP file is not signed,
and no check needs to be performed.
A JNLP file is signed by including a copy of it in the signed main JAR file. The copy must match the JNLP file used to launch the application. The signed copy must be named:JNLP- INF/APPLICATION.JNLP. The APPLICATION.JNLPfilename should be generated in upper case, but should be recognized in any case. The signed JNLP file must be compared byte-wise against the JNLP file used to launch the application. If the two byte streams are identical, then the verification succeeds, otherwise it fails. As described above, a JNLP file is not required to be signed in order for an application to be signed. This is similar to the behavior of Applets, where the Applet tags in the HTML pages are not signed, even when granting unrestricted access to the Applet
And I confess much of the paragraph isn't exactly clear to a newbie like me.
So maybe this is extremely basic - but where exactly should the JNLP-INF/APPLICATION.JNLP go ?
I am using eclipse, and I have about 25 jars (ext and lib). Is JNLP-INF some standard folder name and location? My manifest.mf is located in a "build" folder where my ant resides. I have tried copying my jnlp as APPLICATION.JNLP into this directory, but that did not resolve the JNLP not signed message.
I have also created a folder called JNLP-INF where the main class is (and therefore I thought would be signed in the jar) but... no go.
Very frustrating but luckily not a huge deal or priority, I have many more things to learn so JAVA will keep me plenty busy for years to come
JavaWS: Version 6.0.260.2
JavaJRE: Version 1.6.0_26