Servoy Forum

Discuss Servoy here!
https://forum.servoy.com/

Java 1.8.0_141_b15 java.lang.SecurityException

https://forum.servoy.com/viewtopic.php?f=6&t=21823

Page 1 of 1

Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Wed Jul 19, 2017 4:47 pm
by Juan Etec
Hi updating the Java version 1.8.0_141 it shows this Error loading the Smart Client:

Code: Select all
com.sun.deploy.net.JARSigningException: No se ha podido verificar la firma del recurso (Could not verify signature of resource): (https://etecsoft.com:8445/servoyServer/plugins/it2be-ftp/jakarta-oro.jar, 1500474092072)
   at com.sun.deploy.security.JarVerifier.authenticateJarEntry(Unknown Source)
   at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source)
   at com.sun.deploy.cache.CacheEntry.processJar(Unknown Source)
   at com.sun.deploy.cache.CacheEntry.access$2700(Unknown Source)
   at com.sun.deploy.cache.CacheEntry$7.run(Unknown Source)
   at java.security.AccessController.doPrivileged(Native Method)
   at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source)
   at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source)
   at com.sun.deploy.cache.Cache.downloadResourceToTempFile(Unknown Source)
   at com.sun.deploy.cache.Cache.downloadResourceToCache(Unknown Source)
   at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
   at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
   at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
   at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
   at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
   at java.util.concurrent.FutureTask.run(Unknown Source)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)



All the plugins are signed the same keystored.
Using the last Code Signer version for java 8 >=101 v1.3.54.
It's works with lower java version.
It`s not relevant but the server its working with Servoy version 8.1.4 -releaseNumber 3035 and java.version=1.8.0_121

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Wed Jul 19, 2017 5:05 pm
by jcompagner
i guess it is not for all jars but only for certain jars?
then we need to investigate those jars that are failing, what is so special about them

you should be able to use the bootstrapper for this also then you don't need to sign (except the small bootstrap.jar)

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Wed Jul 19, 2017 6:20 pm
by LXS
Same issue here with the same jar, but not from it2be but drmaison:

plugins/drmaison-lib/jakarta-oro.jar

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Thu Jul 20, 2017 9:33 am
by Juan Etec
jcompagner wrote:i guess it is not for all jars but only for certain jars?

Yes, could be the plugins who has dependencies.

jcompagner wrote:you should be able to use the bootstrapper for this also then you don't need to sign (except the small bootstrap.jar)

I have use it, but the problem is later when you open the solution, it fail when the solution use this failed plugins.

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Thu Jul 20, 2017 9:52 am
by jcompagner
i can't reproduce it,
i got a jar file of Patrick that was a problem (but that jar file really was not signed correctly anymore, to old)
and i resigned it in different ways (signing with java7 and java 8, with our internal signing script and also with the CodeSigner of servoyforge)
then i start it up with javawebstart of java8.141 and it didn't complain about those files.

So maybe those files really need to be resigned? Does anybody has a jar file that should work, but fails now?

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Thu Jul 20, 2017 12:50 pm
by Juan Etec
jcompagner wrote:So maybe those files really need to be resigned? Does anybody has a jar file that should work, but fails now?

File attached with the problem, signing with my keystore.

This time I have signing all the plugins using the last Code Signer version for java 8 >=101 v1.3.54, but in a computer with the new Java version.
After that I have installed it in my server:
- without bootstrapper fails in two plugins one I have attached (yakarta oro).
- with bootstrapper show the error in the Java console but it works, even the it2beFtp plugin, that gave me the previous error.

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Thu Jul 20, 2017 3:40 pm
by jcompagner
i see it going wrong if i just take that
but at the moment i sign with our certificate it works

Do you really sign all your jars?

But what i do notice that in side that jar in the /META-INF/manifest.mf file
there is an entry:

Name: org/apache/oro

make that:

Name: org.apache.oro

then with the code signer, first remove the signature, then run the normal signing again

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Thu Jul 20, 2017 9:14 pm
by LXS
Hi Johan,

thank you for your investigations!
It seems that changing that "Name: org/apache/oro" string and resigning the jar works for us with Java 8 Update 141!

Alex

Re: Java 1.8.0_141_b15 java.lang.SecurityException

PostPosted: Fri Jul 21, 2017 10:44 am
by Harjo
There is def something going on with these release of java

Look here

https://stackoverflow.com/questions/451 ... java-8u141
All times are UTC + 1 hour [ DST ]
Page 1 of 1