2

我正在使用通过小程序执行登录的遗留代码(正如我所评论的那样,它是遗留代码;D)。我们一直在使用多个 JRE 版本(1.6.0_29、30 和 43)并且所有版本都可以正常工作。但是客户要求使用 1.6.0_45 JRE 版本。从那一刻起,当登录小程序将被执行时,将向用户显示此链接中显示的警报消息。

Applet 背后的 JAR 使用来自 CA 的证书进行签名,对该 JAR 的验证给出以下结果:

         636 Tue May 14 15:57:56 CEST 2013 META-INF/MANIFEST.MF
         702 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.SF
        4669 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.RSA
           0 Tue May 14 15:57:58 CEST 2013 META-INF/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/
smk     2829 Tue Jul 03 14:02:34 CEST 2012 META-INF/maven/folder0/folder1/pom.xml

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk      120 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/pom.properties

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

           0 Tue May 14 15:57:58 CEST 2013 folder2/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/
           0 Tue May 14 15:57:58 CEST 2013 folder2/utils/
smk     4811 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/pwapplt.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk     2185 Tue May 14 15:57:58 CEST 2013 folder2/utils/MyCrypter.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk      630 Tue May 14 15:57:58 CEST 2013 folder2/utils/MySecurityManager.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]


  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

另一个线程中,我看到 MANIFEST.MF 也已签名,但在我的 JAR 中却没有。这可能是用户获得警告消息的原因吗?为什么无法对 MANIFEST.MF 文件进行签名?

如果上述不是问题,这就是,如果 JAR 已正确签名并且其所有重要内容也已签名,为什么 JRE 会显示警告消息以指示应用程序包含已签名和未签名的代码?

我知道我可以使用 JAR 清单中的Trusted-Library属性来避免该消息,但我想知道它显示的原因是什么。

任何想法?任何贡献将不胜感激。

非常感谢您!

4

0 回答 0