Forum Stats

  • 3,827,307 Users
  • 2,260,759 Discussions
  • 7,897,201 Comments

Discussions

can we resign the already signed jars in java?

user8769643
user8769643 Member Posts: 203
edited Jul 28, 2017 11:32AM in Java Programming

Hi -

I have a production jar which is signed and as part of a fix i have to change a class file in that jar and redeploy it. so to achieve this i  first unsign the old signature, make changes to the file and resign it.

So far i have tried  the following steps below

1) unzip the jar in secure Zip

2) delete .SF and .DSA files under META-INF

3) Delete signing checksums from META-INF/MANIFEST.MF: each "Name" and "SHA1-Digest and save the jar

4) updated a class file

5) sign the jar using jarsigner tool

But even after unsigning and once i make any changes to the jar it doesn't seem to work and throws an error "cannot load the jar file "

Can someone please help me how to troubleshoot the signed jar issue and include my change in the jar?

Appreciate your help in advance!

Answers

  • handat
    handat Member Posts: 4,688 Gold Crown
    edited Jul 28, 2017 1:07AM

    First thing would be to verify that your jar file was signed correctly by using jarsigner tool with the -verify option.

  • user8769643
    user8769643 Member Posts: 203
    edited Jul 28, 2017 9:33AM

    Thank you for your response. I could verify the jar successfully before making any changes . But once i unsign ,updated a file and then resign it with my signature and try to verify it says "Invalid signature digest for manifest main attributes" . Looks like my ant target which is resigning the jarsdoesn't seem to be doing it right. can you please advise if i am missing something here.

    <target name="sign-jar">

            <signjar destDir="${sign.home}" alias="deployment" keystore="${webstart.dir}/tbKeystore.jks" spreservelastmodified="yes">

                <path>

                    <fileset dir="${sign.home}">

                        <include name="*.jar" />

                    </fileset>

                </path>

                <flattenmapper />

            </signjar>

       </target>     

  • Unknown
    edited Jul 28, 2017 11:32AM

    Why aren't you using the same build process used to build the original jar?

    You know that one works properly.

This discussion has been closed.