我正在使用通过小程序执行登录的遗留代码(正如我所评论的那样,它是遗留代码;D)。我们一直在使用多个 JRE 版本(1.6.0_29、30 和 43)并且所有版本都可以正常工作。但是客户要求使用 1.6.0_45 JRE 版本。从那一刻起,当登录小程序将被执行时,将向用户显示此链接中显示的警报消息。
Applet 背后的 JAR 使用来自 CA 的证书进行签名,对该 JAR 的验证给出以下结果:
636 Tue May 14 15:57:56 CEST 2013 META-INF/MANIFEST.MF
702 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.SF
4669 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.RSA
0 Tue May 14 15:57:58 CEST 2013 META-INF/
0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/
0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/
0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/
smk 2829 Tue Jul 03 14:02:34 CEST 2012 META-INF/maven/folder0/folder1/pom.xml
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
smk 120 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/pom.properties
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
0 Tue May 14 15:57:58 CEST 2013 folder2/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/
0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/
0 Tue May 14 15:57:58 CEST 2013 folder2/utils/
smk 4811 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/pwapplt.class
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
smk 2185 Tue May 14 15:57:58 CEST 2013 folder2/utils/MyCrypter.class
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
smk 630 Tue May 14 15:57:58 CEST 2013 folder2/utils/MySecurityManager.class
X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
[certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
在另一个线程中,我看到 MANIFEST.MF 也已签名,但在我的 JAR 中却没有。这可能是用户获得警告消息的原因吗?为什么无法对 MANIFEST.MF 文件进行签名?
如果上述不是问题,这就是,如果 JAR 已正确签名并且其所有重要内容也已签名,为什么 JRE 会显示警告消息以指示应用程序包含已签名和未签名的代码?
我知道我可以使用 JAR 清单中的Trusted-Library属性来避免该消息,但我想知道它显示的原因是什么。
任何想法?任何贡献将不胜感激。
非常感谢您!