Hello Stefan,
Stefan Bodewig wrote:
On Thu, 04 Nov 2004, T. E. Schmitz <[EMAIL PROTECTED]> wrote:
information can and should be gathered from <http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html> and in particular <http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html#Signed%20JAR%20File>
Thanks for the links. I couldn't find any information though as to that
and why jarsigner truncates the alias: jarsigner takes the alias name,
truncates it to 8 characters and uses this as a basename for the SF file.
This is where signjar's lazy option falls down. I have just tested this:
If lazy=true signjar will not re-sign the jar with the same signature. It will, however, sign a signed jar if the basename of the SF file is different from the given alias. (It would be great if this could be stated more explicitly in the Ant manual.)
The following example uses an alias longer than 8 chars. The comparison in isSigned() will return false (and therefore re-sign the jar) because the existing SF file is called EMORDES-.SF.
<signjar keystore="${java.keystore}" storepass="${keystore.passwd}" alias="emordes-stock" lazy="true" jar="util.jar" />
While keystore permits alias names longer than 8, jarsigner truncates the SF file basename to 8. In other words, the lazy option cannot work with aliases longer than 8 chars.
(Not to mention the fact that jarsigner couldn't sign a jar with two signatures the alias name of which is not unique on the first 8 chars?!)
=========================
Back to my original question: can I avoid that a jar might be signed with more than one signature? *Webstart won't allow jar with more than one signature.* (I realize now that my subject line was a bit ambiguous.)
The answer is: even with short alias names, the lazy option wouldn't be able to do that because it just avoids re-signing with the same signature.
I presume this is too specialist a requirement to incorporate this logic in the signjar task because then we would need two different isSigned() methods. OTOH, other people using WebStart will encounter the same issue.
So, I either write my first Ant task or I use the dirty option of extracting all files and testing for the existence of an SF file :-(
As for the case sensitivity question in your other mail. First make sure that you are not using WinZIP to verify the case of file names. <http://ant.apache.org/faq.html#winzip-lies> applies to any archives, not only those created by Ant.
I realized this, too, last night and I must say I was totally flummoxed. Serves me right for using Winblows. In German I'd call this a case of "Volksverdummung". Unbelievable what "features" some people come up with.
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
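
An added example (not part of the original message and not Ant's code): a Python pre-signing check that derives the SF basename from the alias as described above and lists the META-INF/*.SF entries of a jar without extracting it, so a build can refuse to add a second signature. The function names and the sample jar are constructed for illustration; the underscore substitution for characters other than letters, digits, '_' and '-' follows the jarsigner documentation rather than this thread.

```python
import io
import re
import zipfile

def sf_basename(alias):
    """Default .SF basename jarsigner derives from an alias when -sigfile is not given."""
    # First 8 characters; anything outside letters, digits, '_' and '-' becomes '_'; upper-cased.
    return re.sub(r"[^A-Za-z0-9_-]", "_", alias[:8]).upper()

def signature_files(jar):
    """Sorted basenames of every META-INF/*.SF entry, read without extracting the jar."""
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
    found = set()
    for name in names:
        folder, _, leaf = name.rpartition("/")
        if folder.upper() == "META-INF" and leaf.upper().endswith(".SF"):
            found.add(leaf[:-3].upper())
    return sorted(found)

def classify(jar, alias):
    """Decide what signing `jar` with `alias` would do."""
    present = signature_files(jar)
    if not present:
        return "unsigned"            # safe to sign
    if present == [sf_basename(alias)]:
        return "signed-by-alias"     # skip: only this alias's signature file is present
    return "other-signature"         # signing would leave more than one signature

def sample_jar(sf_names):
    """Constructed in-memory jar with empty placeholder entries (no real signatures)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Util.class", b"")
        for base in sf_names:
            zf.writestr("META-INF/%s.SF" % base, "")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(sf_basename("emordes-stock"))
    print(classify(sample_jar(["EMORDES-"]), "emordes-stock"))
    print(classify(sample_jar(["OTHERKEY"]), "emordes-stock"))
```

The check only looks at entry names; it does not verify any signature, which remains the job of jarsigner -verify.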
