1

我尝试了这个著名的 libGDX 小程序教程来创建游戏的小程序版本;我得到一个巨大的堆栈跟踪(下)。我究竟做错了什么?

java.lang.SecurityException: invalid SHA1 signature file digest for org/lwjgl/util/applet/AppletLoader$2.class
at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
at sun.security.util.SignatureFileVerifier.process(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarFile.initializeVerifier(Unknown Source)
at java.util.jar.JarFile.ensureInitialization(Unknown Source)
at java.util.jar.JarFile.getCodeSources(Unknown Source)
at java.util.jar.JavaUtilJarAccessImpl.getCodeSources(Unknown Source)
at com.sun.deploy.cache.DeployCacheJarAccessImpl.getCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: invalid SHA1 signature file digest for org/lwjgl/util/applet/AppletLoader$2.class
4

2 回答 2

2

我曾经也有过一样的问题。本教程让您以lwjgl_util_applet.jar不同于最初签名的方式签名。如果您META-INF/MANIFEST.MF将 JAR 文件与进行比较lwjgl_util_applet.jar,您会发现它使用 SHA-1,而现在默认为 SHA-256。

要解决此问题,只需在再次签名之前删除该META-INF文件夹即可。lwjgl_util_applet.jar在此之后您不应该再收到任何错误。

您还可以验证您的 JAR 文件,而无需使用jarsigner -verify.

于 2011-11-02T04:01:51.597 回答
1

看起来包含的 JAR 文件org.lwjgl.util.applet.AppletLoader自签名以来已被篡改。这可能是恶意的(有人可能已经替换了 AppletLoader),或者有人手动更新了文件并忘记重新签署 JAR。或者也许这是教程的一个步骤?我只是扫了一眼。无论如何,通过抛出这个异常而不是仅仅执行被篡改的代码,Java 是安全的。

无论哪个 JAR 文件包含org.lwjgl.util.applet.AppletLoader,请从 LWJGL 主页再次获取该 JAR。

于 2011-10-30T05:09:32.167 回答