0 Replies Latest reply on Jan 31, 2014 10:59 PM by e760f16f-fb6c-4014-ae17-e70c9c40cd73

    jarsigner and files / directories in META-INF


      Hi all


      I have been struggling with signing jar files and security issues since the latest java 7 updates (as have many people)

      It seems to me there is a huge inconsistency between the jar tool and the jarsigner one.


      As per JAR File Specification, there may be in the META-INF directory other files that those security related (MANIFEST.MF , .SF, .RSA files) .


      Try INDEX.LIST: this is generated by the jar tool, but does not get signed.


      jarsigner -verify gives warning:This jar contains unsigned entries which have not been integrity-checked.

      (this for a simple jar with one class inside!)


      I found the same issue with files in the META-INF/service directory, these do not get signed either


      So how to deal with these issues? How to sign files in META-INF?


      Will this be solved soon?