All geek questions in one place

Continue to get a "JNLPSigningException [Failed to verify startup file signature]" when starting JNLP signed by the template

We decided to sign our JNLP files following this oracle guide. Since we have different JNLPs, we took the second approach (signing a JAR file with a JNLP template).

Here is the code we extracted to the template:

<?xml version="1.0" encoding="UTF-8"?> <jnlp spec="1.0+" codebase="*" href="*"> <information> <title>*</title> <vendor>My vendor</vendor> <description>My description</description> <icon href="splash.jpg" kind="splash" width="700" height="400" size="115258"/> <offline-allowed /> <shortcut> <menu submenu="My submenu"/> </shortcut> </information> <security> <all-permissions/> </security> <resources locale="en es ja"> <j2se version="1.6+" initial-heap-size="128m" max-heap-size="384m" href="http://java.sun.com/products/autodl/j2se"/> <jar href="myjar.jar" main="true" download="lazy" part="core" size="*"/> <jar href="lib/commons-lang-2.6.jar" download="lazy" part="commons" size="297085"/> ... <jar href="lib/trident-6.0.jar" download="lazy" part="core" size="114496"/> <property name="jnlp.myProperty" value="*"/> <property name="log4j.configuration" value="*"/> </resources> <application-desc main-class="com.mycom.myapp.MyClass"> </application-desc> </jnlp>

... and here is one of the JNLP that we actually use:

 <?xml version="1.0" encoding="UTF-8"?> <jnlp spec="1.0+" codebase="http://mylocation.mycom.com/jnlp/myapp/" href="myapp.jnlp"> <information> <title>My App - Production version</title> <vendor>My vendor</vendor> <description>My description</description> <icon href="splash.jpg" kind="splash" width="700" height="400" size="115258"/> <offline-allowed /> <shortcut> <menu submenu="My submenu"/> </shortcut> </information> <security> <all-permissions/> </security> <resources locale="en es ja"> <j2se version="1.6+" initial-heap-size="128m" max-heap-size="384m" href="http://java.sun.com/products/autodl/j2se"/> <jar href="myjar.jar" main="true" download="lazy" part="core" size="4189501"/> <jar href="lib/commons-lang-2.6.jar" download="lazy" part="commons" size="297085"/> ... <jar href="lib/trident-6.0.jar" download="lazy" part="core" size="114496"/> <property name="jnlp.myProperty" value="http://mylocation.mycom.com/jnlp/myapp/MyApp.properties"/> <property name="log4j.configuration" value="http://mylocation.mycom.com/jnlp/myapp/log4j.xml"/> </resources> <application-desc main-class="com.mycom.myapp.MyClass"> </application-desc> </jnlp>

note that I used a wildcard ( * ) for:

  • Codebase attribute in jnlp tag
  • Href attribute in jnlp tag
  • Content inside title tags
  • attribute size in jar tag
  • value of two properties

I put the template in the appropriate JNLP-INF folder (with the corresponding name), after which we signed the JAR. However, we continue to receive a JNLPSigningException with the following message:

Failed to verify startup file signing. The signed version does not match the downloaded version.

Does anyone have an idea of ​​what I am missing?

+6
source share
4 answers

I had the same problem, but it turned out that my src/JNLP-INF/APPLICATION.JNLP file included in the signed .jar file (used as a signed jnlp file) is different from the application.jnlp file that is used in a specific web application in <applet> tags. As soon as I made them the same, the error disappeared.

Caution, using signed JNLP files in the .jar file, the file must be named exactly JNLP-INF/APPLICATION.JNLP , as it is used as a template to match the jnlp being called inside the application:

+3
source

I believe he is unhappy with the template in the tag. I came across this particular situation. For testing purposes, I deleted the template and muffled another value. It worked fine - but this is an unacceptable solution, since all this property!

0
source

I had this problem in Java 1.7.0_45 in a self-signed war, the solution was to remove properties without jnlp. prefix. In your case, try deleting:

 <property name="log4j.configuration" value="http://mylocation.mycom.com/jnlp/myapp/log4j.xml"/>
0
source

As a hint for debugging, I found that running javaws -verbose and the url of the jnlp file from the command line gives additional information on the Console tab.

0
source

Source: https://habr.com/ru/post/956506/

More articles:


All Articles