Skip to Main Content

Java Programming

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

can we resign the already signed jars in java?

user8769643Jul 27 2017 — edited Jul 28 2017

Hi -

I have a production jar which is signed and as part of a fix i have to change a class file in that jar and redeploy it. so to achieve this i  first unsign the old signature, make changes to the file and resign it.

So far i have tried  the following steps below

1) unzip the jar in secure Zip

2) delete .SF and .DSA files under META-INF

3) Delete signing checksums from META-INF/MANIFEST.MF: each "Name" and "SHA1-Digest and save the jar

4) updated a class file

5) sign the jar using jarsigner tool

But even after unsigning and once i make any changes to the jar it doesn't seem to work and throws an error "cannot load the jar file "

Can someone please help me how to troubleshoot the signed jar issue and include my change in the jar?

Appreciate your help in advance!

Comments

handat

First thing would be to verify that your jar file was signed correctly by using jarsigner tool with the -verify option.

user8769643

Thank you for your response. I could verify the jar successfully before making any changes . But once i unsign ,updated a file and then resign it with my signature and try to verify it says "Invalid signature digest for manifest main attributes" . Looks like my ant target which is resigning the jarsdoesn't seem to be doing it right. can you please advise if i am missing something here.

<target name="sign-jar">

        <signjar destDir="${sign.home}" alias="deployment" keystore="${webstart.dir}/tbKeystore.jks" spreservelastmodified="yes">

            <path>

                <fileset dir="${sign.home}">

                    <include name="*.jar" />

                </fileset>

            </path>

            <flattenmapper />

        </signjar>

   </target>     

unknown-7404

Why aren't you using the same build process used to build the original jar?

You know that one works properly.

1 - 3
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Aug 25 2017
Added on Jul 27 2017
3 comments
2,121 views