如何将权限和代码库属性放入第三方jar的清单?
[英]How to put Permissions and Codebase attributes into third-party jar's manifest?
问题描述
As stated in Java™ SE Development Kit 7, Update 25 (JDK 7u25) , a warning is printed in the console if the manifest file of an application deployed using Java Web Start doesn't have the Permissions an Codebase attributes described in Preventing RIAs from Being Repurposed . 
如Java™SE开发工具包7,更新25(JDK 7u25)中所述,如果使用Java Web Start部署的应用程序的清单文件没有在防止RIA中描述的权限和代码库属性,则会在控制台中打印警告重新利用 。
For my JARs, it is trivial to add the properties; 对于我的JAR,添加属性是微不足道的; it is even trivial for third-party jars not digitally signed: modify the manifest and sign (same as my JARs). 对于没有经过数字签名的第三方罐子来说,这甚至是微不足道的:修改清单和标志(与我的JAR相同)。 What if I have third-party digitally signed jars? 如果我有第三方数字签名的罐子怎么办? It seems that a hash of the entire manifest file is used in the verification process, so it may not be possible to modify the manifest without invalidating the signature applied using jarsigner—JAR Signing and Verification Tool . 似乎整个清单文件的哈希值在验证过程中使用,因此可能无法在不使用jarsigner-JAR签名和验证工具应用的签名失效的情况下修改清单。
Is this right? 这是正确的吗? Is there any solution? 有什么解决方案吗?
1 个解决方案
解决方案1
0 2013-10-31 01:50:21
i made a little ant script for this purpose. 我为此目的做了一个小蚂蚁脚本。 the idea is simple: 这个想法很简单:
for each jar
为每个罐子 - extract content in a temp directory 提取临时目录中的内容
- re-jar excluding *.RSA and *.SF files (adding permissions too) 不包括* .RSA和* .SF文件的重新jar(也添加权限)
- sign with my own certificate 用我自己的证书签名
<property name="keystore" value="../keystores/store/keystore.jks" /> <property name="storetype" value="jks" /> <property name="storepass" value="password" /> <property name="keypass" value="${storepass}" /> <target name="unsign-all"> <foreach target="_re-jar" param="currentFile" parallel="false"> <path> <fileset dir="WebContent/dir_contains_jars" casesensitive="yes"> <include name="**/*.jar" /> </fileset> </path> </foreach> <move todir="WebContent/dir_contains_jars" overwrite="true"> <fileset dir="WebContent/dir_contains_jars.tmp" casesensitive="yes"> <include name="**/*.jar" /> </fileset> </move> <delete dir="WebContent/dir_contains_jars.tmp" /> </target> <target name="sign-all"> <apply executable="C:\\Program Files\\Java\\jdk1.7.0_45\\bin\\jarsigner"> <arg line="-keystore ${keystore} -storetype ${storetype} -storepass ${storepass} -keypass ${keypass}" /> <srcfile /> <arg line="alias_name" /> <fileset dir="WebContent/dir_contains_jars" casesensitive="yes"> <include name="**/*.jar" /> </fileset> </apply> </target> <target name="_re-jar"> <basename property="filename" file="${currentFile}" /> <jar destfile="WebContent/dir_contains_jars.tmp/${filename}"> <zipfileset src="${currentFile}"> <exclude name="META-INF/**.RSA" /> <exclude name="META-INF/**.SF" /> </zipfileset> <manifest> <attribute name="Permissions" value="all-permissions" /> <attribute name="Codebase" value="*" /> <attribute name="Application-Name" value="jnlpApplicationName" /> </manifest> </jar> </target>- extract content in a temp directory
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.