1
votes

All,

Is there a good free Java utility that shows you the key that a JAR file was signed by?

I have a number of JAR files referenced in my application - I want to know which ones were signed by the same certificate.

Basically I want to know this as when I am running my JNLP file (hurray!) I am greeted with the message "JAR resources in the JNLP file are not signed by the same certificate".

I have looked at "jar resources in jnlp are not signed by the same certificate".

I have quite a few JARS so a utility would come in handy.

Edit

The main question was whether there is a tool that can show me which JARs were signed by which certificate. Unfortunately the jarsigner tool only tells me if they are signed or not - not by who/what.

Unfortunately I have still not found any tool as yet.

end Edit

Cheers,

Andez

4 Answers

3
votes

The easiest is just to re-sign them all with your own key.

1
votes

Did you take a look at jarsigner?

1
votes

This might be of help: Signed Jar File.

0
votes

The JDK tool JarSigner is probably what you are searching for. You find it in the tools.jar. The sources are available if you need a deeper understanding of the signing and verification process.

Also I think it should be possible to use jars with different certs. I didn't test it but perhaps it helps to do something like

...
<resources>
    <jar href="jarwithcert1.jar"/>
</resources>
<resources>
    <jar href="jarwithcert2.jar"/>
</resources>
...

or

...
<resources>
    <jar href="jarwithcert1.jar" part="one" />
    <jar href="jarwithcert2.jar" part="two" />
</resources>
...
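
For the question as asked (which JARs share a signing certificate), here is an added example that is not part of any answer above: it uses the JDK's own `java.util.jar` verification to collect each JAR's signer-certificate SHA-256 fingerprints and groups the JARs by them. The class name `JarSignerReport` is hypothetical, and the JAR paths are assumed to be passed as command-line arguments.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignerReport {
    // SHA-256 fingerprint of a certificate's DER encoding, as upper-case hex.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // Returns the set of signer-certificate fingerprints found in one JAR.
    // A JAR with any unsigned class/resource entry also gets the marker "UNSIGNED".
    static Set<String> signersOf(String path) throws Exception {
        Set<String> result = new TreeSet<>();
        try (JarFile jar = new JarFile(path, true)) {   // true = verify signatures
            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                // Simplification: META-INF/ holds the manifest and signature files,
                // which carry no signers of their own, so it is skipped entirely.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only available once the entry has been read to the end;
                // a tampered entry makes this read throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) { result.add("UNSIGNED"); continue; }
                for (CodeSigner s : signers)   // first cert in the path is the signer's own
                    result.add(fingerprint(s.getSignerCertPath().getCertificates().get(0)));
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // JARs with identical fingerprint sets were signed with the same certificate(s).
        Map<Set<String>, List<String>> groups = new HashMap<>();
        for (String path : args)
            groups.computeIfAbsent(signersOf(path), k -> new ArrayList<>()).add(path);
        groups.forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

Each output line is one fingerprint set followed by the JARs that carry it, so more than one line means the JNLP resources do not all share a certificate.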