问题
I'm having the following method in an applet which is called via JavaScript
public String getAString()
{
Object rc = AccessController.doPrivileged(
new java.security.PrivilegedAction()
{
public Object run()
{
try
{
return "OK";
}
catch (Throwable t)
{
t.printStackTrace();
return "ERROR: " + t.getMessage() + " " + t.getCause();
}
}
});
// Return value
return rc.toString();
}
The applet is signed using a certificate created with keytool
When I call getAString() if throws the InvocationTargetException.
If I call other methods which don't use the AccessController class, I'm not having this problem.
Also, each time I open the browser I'm asked to allow the applet to run even the the applet is signed.
How can I fix this?
edit
I added a button and now I'm getting more info:
signer information does not match signer information of other classes in the same package
I'm using a third party archive. In the original form is unsigned, but I signed it using the same cert (although with different commands).
edit 2 Here is how I sign the jars
keytool -genkey -keystore vkeystore -keyalg rsa -dname "CN=XXX, OU=XXX, O=XXX, L=Atlanta, ST=GA,C=NL" -alias printer -validity 3600 -keypass XXX-storepass XXX
jarsigner -keystore vkeystore -storepass XXX -keypass XXX -signedjar JSPrintS.jar JSPrint.jar printer
jarsigner -keystore vkeystore -storepass XXX -keypass XXX -signedjar jPDFPrintS.jar jPDFPrint.jar printer
JSPrint.jar contains the applet
edit 3
the applet definition is (located in JSPrint.jar)
package Eplatforms;
import java.net.URL;
import java.security.AccessController;
import javax.swing.JApplet;
import java.awt.event.*;
import java.awt.*;
import com.XXX.pdfPrint.PDFPrint;
public class JSPrint extends JApplet implements ActionListener
....
jPDFPrint.jar is a third party jar
EDIT 4
I tried to minimize the problem a bit and I found out that when calling AccessControler.doPrivileged from a jar file (even signed one), I get the following exception:
Exception in thread "main" java.lang.NoClassDefFoundError: TestPrivileges$1
at TestPrivileges.getAString(TestPrivileges.java:14)
at TestPrivileges.main(TestPrivileges.java:7)
Caused by: java.lang.ClassNotFoundException: TestPrivileges$1
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
Here is a testing class:
http://pastebin.com/EgmdwuqL
Notice that calling other methods doesn't raise this exception.
Here is how I compile and run it:
javac TestPrivileges.java
java TestPrivileges
jar cvf TestPrivileges.jar TestPrivileges.class
jarsigner -keystore vkeystore -storepass My0Company -keypass My0Company -signedjar TestPrivilegesS.jar TestPrivileges.jar printer
copy TestPrivilegesS.jar x /Y
copy TestPrivileges.jar x /Y
cd x
java -classpath TestPrivilegesS.jar TestPrivileges
java -classpath TestPrivileges.jar TestPrivileges
cd ..
A quick for vkeystore:
keytool -genkey -keystore vkeystore -keyalg rsa -dname "CN=MyCompany, OU=MyCompany, O=MyCompany, L=Atlanta, ST=GA,C=NL" -alias printer -validity 3600 -keypass My0Company -storepass My0Company
The first run works ok (probably because the class file is in the same directory). Then I create to archives, one signed and another unsigned. When I run them, I got those errors. Notice the jars are in a separate folder which contains only those jars and no class file.
回答1:
I am with Andrew on this.
I've created an app that should help us find the code signing issue.
https://gist.github.com/2596125
(Since we don't want to Spam Andrew I've created this.)
With more information that finally came out it seems that you are not packing the TestPrivileges$1 class with the jar.
To fix this do this for jar packing:
jar cvf TestPrivileges.jar TestPrivileges.class TestPrivileges$1.class
回答2:
New theory
The 3rd party Jar was already signed when it was signed it with your certificate. Now there are 2 lots of information on digital keys inside the Jar, which is confusing the JRE.
Either use the original Jar, as it was, or remove the digital signatures and sign it again with your own certificate.
Earlier answer
signer information does not match signer information of other classes in the same package
The actual error is because two jars are considered to be signed with different certificates, even I'm using the same certificate.
I suspect that the problem comes down to the part of the error/comment that I made bold.
Classes in the same package must be in the same Jar.
来源:https://stackoverflow.com/questions/10450956/invocationtargetexception-when-using-accesscontroler-doprivileged-in-a-signed-ap