英文:
Java get CodeSigners from class
问题
我正在运行Java 17并调用class.getProtectionDomain().getCodeSource().getSigners(),但即使相关的JAR文件已正确签名,它始终返回null。有人知道为什么会这样,是否有修复或其他解决方案吗?
在检查Jarsigner时,返回以下内容,jarsigner -verify .\mcpaintball-1.5.1-R.jar
jar已验证。
警告:
此JAR文件包含其证书链无效的条目。原因:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到对所请求目标的有效证书路径
此JAR文件包含其签名者证书为自签名的条目。
重新使用-verbose和-certs选项以获取更多详细信息。
我尝试过同时使用class.getSigners()和class.getProtectionDomain().getCodeSource().getCertificates(),但都没有成功。
我原本期望能够获取包含我的签名信息或至少证书的签名者列表。
是否有Java不支持的算法可能导致此问题?
英文:
I'm running java 17 and calling class.getProtectionDomain().getCodeSource().getSigners() always returns null even though the associated jar is correctly signed. Does anyone know why this is and if there is a fix or another solution.
When checking the jarsigner the following gets returned, jarsigner -verify .\mcpaintball-1.5.1-R.jar
jar verified.
Warning:
This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This jar contains entries whose signer certificate is self-signed.
Re-run with the -verbose and -certs options for more details.
I have tried to use both class.getSigners() and class.getProtectionDomain().getCodeSource().getCertificates() to no avail.
I was expecting to get the list of signers containing my signing information or at the very least the certificate.
Are there algorithms that java does not support that could be causing this issue.
答案1
得分: 1
我建议将用于签署JAR文件的自签名证书添加到您的系统信任存储中。
从JAR文件中导出证书
keytool -exportcert -alias <signer> -keystore <keystore.jks> -storepass <password> -file signer.cer
导入到信任存储
keytool -importcert -alias <signer> -keystore <cacerts.jks> -storepass <password> -file signer.cer
请根据括号中的值进行替换。keytool可在jdk中使用,因此在Windows上应该可以工作。
完成后,请验证签名。
可能您的cacerts文件不是JKS格式。
cacerts文件通常位于$JAVA_HOME/jre/lib/security/目录中。
您可以使用以下命令检查cacerts文件的格式:
keytool -list -v -keystore /path/to/cacerts
如果cacerts文件不是JKS格式,您可以使用以下命令将其转换为JKS格式:
keytool -importkeystore -srckeystore /path/to/cacerts -destkeystore /path/to/cacerts.jks -deststoretype jks
希望这有所帮助。
英文:
I would suggest adding the self-signed cert which was used to sign the jar to your systems truststore.
Export certificate from the JAR file
keytool -exportcert -alias <signer> -keystore <keystore.jks> -storepass <password> -file signer.cer
Import to truststore
keytool -importcert -alias <signer> -keystore <cacerts.jks> -storepass <password> -file signer.cer
Replace values in brackets accordingly. keytool is available in jdk, so should work in windows.
After this verify signature.
It’s possible that your cacerts file is not in the JKS format.
The cacerts file is usually located in the
$JAVA_HOME/jre/lib/security/ directory.
You can check the format of your cacerts file using the following command:
keytool -list -v -keystore /path/to/cacerts
If cacerts file is not in the JKS format, you can convert it to JKS using the following command:
keytool -importkeystore -srckeystore /path/to/cacerts -destkeystore /path/to/cacerts.jks -deststoretype jks
Hope this helps.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论