10 Replies Latest reply: Sep 21, 2011 3:16 AM by 885693 RSS

    Java Webstart expired certificate?

    885693
      Is anyone else having this problem? It appears that there are files that are signed with a certificate that is now expired.

      exception: Found unsigned entry in resource: http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/j3dcore.jar.
      com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/j3dcore.jar
      at com.sun.javaws.security.SigningInfo.getCommonCodeSignersForJar(Unknown Source)
      at com.sun.javaws.security.SigningInfo.check(Unknown Source)
      at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
      at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
      at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)
      at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Exception: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/j3dcore.jar

      The problem appears to be the same as this one: http://www.coderanch.com/t/200812/JNLP-Web-Start/java/JARSigningException-when-deploying-jar-webstart

      Appreciate if anyone knows WHO to contact at Oracle to get this fixed, because it is affecting a production system for us!

      Thanks.
        • 1. Re: Java Webstart expired certificate?
          EJP
          An unsigned entry in a JAR file isn't the same thing as an expired certificate. The link you cited isn't relevant.
          • 2. Re: Java Webstart expired certificate?
            885693
            OK - is anyone able to assist me in establishing the root issue (our application been running successfully for nearly 2 years, and suddenly we now get this error).
            • 3. Re: Java Webstart expired certificate?
              888936
              Friday I started having trouble with my Java Web Start use of Java3d, JOGL, and JAI. At that time, the issue was duplicate META-INF entries in the JARs for JAI and for JOGL gluegen. I filed Jira issues on both.

              Yesterday, the pattern shifted to this failure, the unsigned JAR entries.

              My suspicion is that Oracle is busily going around repackaging all the old Sun JARs, signing them with current Oracle certs, or something of that nature. Thing is, they evidently are doing it very badly. They've broken Java3d JARs as old as version 1.3.2, which must be at least 6 years old.

              I, too, would like to find the right engineer to shake, but I don't know what to do beyond filing issues.
              • 4. Re: Java Webstart expired certificate?
                DrClap
                Here's what I suggest:

                (1) Download all of the jars to your server, so you don't have to rely on the version on some other always remaining available and unchanged.

                (2) Sign them all with your certificate, or repackage them so they aren't signed, or whatever works for you.

                (3) Modify your JNLP code to refer to your local copies of the jars.
                • 5. Re: Java Webstart expired certificate?
                  885693
                  Bad news - looks like Oracle have made some changes which means the way it was working is now a thing of the past....

                  Could I ask someone to point me in the right direction (I am not a Java developer) - where can I find the actual Java 3D jnlp files? Given my applet uses Web Start now - what is involved in making this change over? (I do have a Java developer, but he is new and only just coming up to speed.

                  Any assistance is appreciated.

                  Thanks,
                  Andrew.

                  ------------------------------------------------------------------------------------------------------------------

                  Yes, this is a very recent change we made.

                  Thanks,
                  - Vidhya

                  On Sep 19, 2011, at 11:18 AM, Andrew Bliesner wrote:


                  Hi Vidhya,

                  Can you please confirm that this is a change you made this weekend – because we were not having this error before.

                  Was this only implemented this weekend?

                  Thanks.
                  Andrew.

                  From: Srividhya Narayanan [mailto: edited by moderator]
                  Sent: 19 September 2011 19:14
                  To: Andrew Bliesner
                  Cc:
                  Subject: Re: Java.net DNS not resolving

                  Hi Andrew,

                  We had to leave the jars unsigned for legal reasons. Its best to have them signed and hosted at your end if you have to allow all permissions. The download bit sin java.net will not be signed by Oracle.

                  Thanks,
                  - Vidhya


                  -

                  Edited by: rukbat on Sep 19, 2011 4:32 PM
                  Moderator Action:
                  Third party identifier information removed.
                  They didn't explicitly post to this thread with permission to display it.
                  They probably would not want their info harvested by spammers.
                  • 6. Re: Java Webstart expired certificate?
                    889292
                    What is the license of Java3D, JOGL, etc.?
                    Is this legal to have them in my company's Maven repository and sign them ourselves?
                    Does it make sens for Oracle to expose jnlp modules which will not work anymore without signatures?
                    What does it mean "The download bit sin java.net" (fragment from the last reply in this thread)?
                    • 7. Re: Java Webstart expired certificate?
                      EJP
                      The download bit sin java.net
                      The download bits in java.net?
                      • 8. Re: Java Webstart expired certificate?
                        885693
                        Here is the response I got - but not sure on the licensing still.

                        Hope this helps.

                        -------------------------------

                        Hi Andrew

                        It's been several years since Oracle (previously Sun) have not been
                        providing support for the open source Java3D and JOGL projects. It was
                        decided a few months ago that keeping binaries signed with old Sun
                        signing certificates represented a potential security risk, and because
                        of this, we have removed the old Sun signing certificates for the
                        binaries on download.java.net.

                        The jar files are still there and can be used, but must now be signed by
                        the third party developer(s).

                        If you still wish to use Java3D, we recommend you follow these steps:

                        1) Download the following files:

                        The JNLP file for the Java 3D extension:
                        http://download.java.net/media/java3d/webstart/release/java3d-1.5.2.jnlp

                        The vecmath jar file:
                        http://download.java.net/media/java3d/webstart/release/vecmath/1.5.2/vecmath.jar

                        All Java 3D jar files in this directory:
                        http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/


                        2) sign all the jar files with your own signing certificate (or use
                        self-signing).

                        3) host the jar files and jnlp file along with your application

                        4) update the jnlp file with the correct path name.

                        Best regards,

                        xxxxxxxxx (name removed)
                        Java Product Management
                        Oracle Corporation
                        Santa Clara, CA, USA
                        • 9. Re: Java Webstart expired certificate?
                          EJP
                          Why 'name removed'? Can we have it please? or is this top secret?
                          • 10. Re: Java Webstart expired certificate?
                            885693
                            The moderator took details out in one of my prior posts, so I thought to do this...

                            I can't post his email due to spam etc, but maybe you can track the guy who helped me from this:

                            Nicolas Lorain
                            Java Product Management
                            Oracle Corporation
                            Santa Clara, CA, USA

                            Not sure if there is a Private Messaging system on this forum - if there is, PM and I can give you his email address.