SignTester overwrite

Classic Servoy
1

So I’ve been happily sailing along using the signtester to sign all of our internal plugins without problem for a while now. Recently, however, I have reason to need to overwrite the signatures and am having a bit of trouble with the overwrite argument.

After I run the sign tester with the overwrite option, when I try to start up my client I get a “JAR resources in JNLP file are not signed by the same certificate” error with the following dump:

JNLPException[category: Launch File Error : Exception: null : LaunchDesc: 
<jnlp spec="1.0+" codebase="http://localhost:8889/" href="http://localhost:8889/servoy-client/plugins/scheduler.jar.jnlp">
  <information>
    <title>Servoy Client Plugins</title>
    <vendor>Servoy and Others</vendor>
    <homepage href="null"/>
    <offline-allowed/>
  </information>
  <security>
    <all-permissions/>
  </security>
  <update check="timeout" policy="always"/>
  <resources>
    <jar href="http://localhost:8889/plugins/scheduler.jar" version="1302902432801" part="scheduler" download="eager" main="false"/>
    <jar href="http://localhost:8889/plugins/scheduler/quartz.jar" version="1291153353522" part="quartz" download="eager" main="false"/>
    <jar href="http://localhost:8889/lib/commons-logging.jar" version="1302902444676" part="logging" download="eager" main="false"/>
    <package name="org.quartz." part="quartz" recursive="true"/>
    <package name="org.apache.commons.logging." part="logging" recursive="true"/>
  </resources>
  <component-desc/>
</jnlp> ]
	at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
	at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.launch(Unknown Source)
	at com.sun.javaws.Main.launchApp(Unknown Source)
	at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
	at com.sun.javaws.Main$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

As far as I can tell from the output of the signtester scheduler.jar, quartz.jar and commons-logging.jar are all successfully signed by this process.

Any one have any luck with using the overwrite option in signtester or have any insights as to what is going on?

2

Have you used the latest version of the tool?
What if you open the jars (with a zip utility), what’s in META/INF?

3

Are you sure the re-signed jars are loaded?
When the version/timestamp remains the same it could be that you have to clear cache manually.

4

We had the same issue with signing the scheduler, in Servoy 5.2.6

Johan, fixed that.

take the scheduler.jar from the 5.2.7 and you are fine

5

was it scheduler.jar or quartz.jar?
i can’t remember

6

I stand corrected! It was the log4j.jar…

7

Pleased to report I compiled a fresh jar from the SVN and everything went smoothly.

I probably should have thought of that… :oops:

Thanks guys!