Unsigned JARs - MD5 Disabled
Posted: 02 Mar 2022, 17:21
Hi all,
We have the following error message, an application jar library is marked as UNSIGNED:
The problem is due to the following jar:
Manifest:
The problem would seem to arise from the integrity checks. The algorithm used is MD5.
To make the application work we had to re-activate the MD5 algorithm in the java.security of our java distribution (zulu-8-u302-jre-fx).
From:
To:
In order not to lower our java distribution security level, is it possible "in some way" act on OWS configuration? Are there any other alternatives?
Looking forward to your reply, thank you
Carmelo
We have the following error message, an application jar library is marked as UNSIGNED:
Code: Select all
[ITW-CORE][2022-02-07 12:12:53.239 CET][ERROR][net.sourceforge.jnlp.AbstractLaunchHandler]
netx: Initialization Error: Could not initialize application. (Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.)
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application. The application has not been initialized, for more information execute javaws from the command line.
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:587)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:372)
at net.sourceforge.jnlp.Launcher.access$200(Launcher.java:70)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:654)
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.classloader.SecurityDelegateImpl.getClassLoaderSecurity(SecurityDelegateImpl.java:102)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.setSecurity(JNLPClassLoader.java:387)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:773)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:350)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:423)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:579)
... 3 more
[ITW-CORE][2022-02-07 12:12:53.240 CET][ERROR][net.sourceforge.jnlp.Launcher]
Launch exception
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application. The application has not been initialized, for more information execute javaws from the command line.
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:587)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:372)
at net.sourceforge.jnlp.Launcher.access$200(Launcher.java:70)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:654)
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.classloader.SecurityDelegateImpl.getClassLoaderSecurity(SecurityDelegateImpl.java:102)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.setSecurity(JNLPClassLoader.java:387)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.initializeResources(JNLPClassLoader.java:773)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.<init>(JNLPClassLoader.java:350)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.createInstance(JNLPClassLoader.java:423)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
at net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:579)
... 3 more
Code: Select all
[ITW-CORE][2022-02-07 12:07:21.915 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] Jar found at C:\Users\{user}\.cache\icedtea-web\cache\0\5\gwt.jar has been verified as UNSIGNED
Code: Select all
Manifest-Version: 1.0
Permissions: all-permissions
Codebase: *
Created-By: yGuard Bytecode Obfuscator 2.5.2
Name: COM/legato/gwt/framework/LCommonActions$CascadeAction.class
MD5-Digest: YQ3YnucZeKEVB00dRgOZRA==
Digest-Algorithms: SHA-1, MD5
SHA-1-Digest: wQ4iee7crmm8Qnv3q9pVsvSPstE=
SHA-512-Digest: a6KU+gwPnX1VPP6VHV/UPIeV2oDVX9Vavn0Fe7ez4f+Lsau4XVmzQswc
PZ77Sj3bUBC26Eqg0RlxsiwfYsoHnw==
...
To make the application work we had to re-activate the MD5 algorithm in the java.security of our java distribution (zulu-8-u302-jre-fx).
From:
Code: Select all
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves
Code: Select all
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves
Looking forward to your reply, thank you
Carmelo