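I'm working with legacy code in which login is performed through an applet (as I said, it's legacy code ;D). We have used several JRE versions (1.6.0_29, 30 and 43) and all of them work fine. However, the customer has asked us to use JRE version 1.6.0_45. Since then, when the login applet runs, users are shown the warning message shown in this link.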

The JAR behind the applet is signed with a certificate from a CA, and verifying that JAR gives the following result:

         636 Tue May 14 15:57:56 CEST 2013 META-INF/MANIFEST.MF
         702 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.SF
        4669 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.RSA
           0 Tue May 14 15:57:58 CEST 2013 META-INF/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/
           0 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/
smk     2829 Tue Jul 03 14:02:34 CEST 2012 META-INF/maven/folder0/folder1/pom.xml

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk      120 Tue May 14 15:57:58 CEST 2013 META-INF/maven/folder0/folder1/pom.properties

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

           0 Tue May 14 15:57:58 CEST 2013 folder2/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/
           0 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/
           0 Tue May 14 15:57:58 CEST 2013 folder2/utils/
smk     4811 Tue May 14 15:57:58 CEST 2013 folder2/generalRequirements/accessControl/passwordManagement/applt/pwapplt.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk     2185 Tue May 14 15:57:58 CEST 2013 folder2/utils/MyCrypter.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]

smk      630 Tue May 14 15:57:58 CEST 2013 folder2/utils/MySecurityManager.class

      X.509, CN=AAA, OU=BBB, O=CCC, L=DDD, ST=EEE, C=EN (alias)
      [certificate is valid from 11/11/12 1:00 to 14/01/14 0:59]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 8/02/10 1:00 to 8/02/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 17/11/06 1:00 to 31/12/20 0:59]
      [KeyUsage extension does not support code signing]
      X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      [certificate is valid from 1/08/96 2:00 to 2/01/21 0:59]


  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

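In this other thread I have seen that the MANIFEST.MF is also signed, but in my JAR it is not. Is that a reason for users getting the warning message? Why can't I sign the MANIFEST.MF file?

If the above is not the problem, why is a warning message shown saying that the application contains both signed and unsigned code, when the JAR is correctly signed and all of its important content is signed too?

I know that I can avoid that message by using the Trusted-Library attribute in the JAR manifest, but I would like to know what causes it to appear.

Any ideas? Any contribution is appreciated.

Thanks in advance!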
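A way to check a `jarsigner -verify -verbose` listing like the one above for entries that lack the `s` and `m` flags, as an added example that is not part of the original question. It treats directories and the signature-related files directly under META-INF (MANIFEST.MF, *.SF, *.RSA and similar) as exempt, because jarsigner never flags those individually; the sample is shortened from the listing above and its `Unsigned.class` line is constructed.

```python
import re

# Constructed sample in the format of `jarsigner -verify -verbose` output,
# shortened from the listing in the question; the last entry is hypothetical.
SAMPLE = """\
         636 Tue May 14 15:57:56 CEST 2013 META-INF/MANIFEST.MF
         702 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.SF
        4669 Wed May 15 09:45:38 CEST 2013 META-INF/Cert.RSA
           0 Tue May 14 15:57:58 CEST 2013 folder2/utils/
smk     2185 Tue May 14 15:57:58 CEST 2013 folder2/utils/MyCrypter.class
 m       512 Tue May 14 15:57:58 CEST 2013 folder2/utils/Unsigned.class
"""

# Entry line: optional s/m/k/i flags, size, Date.toString() timestamp, entry name.
ENTRY = re.compile(r"^\s*([smki ]*?)\s*(\d+) (\w{3} \w{3} \d{2} [\d:]{8} \w+ \d{4}) (.+)$")
# Signature-related files sit directly in META-INF and carry no per-entry flags.
SIG_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|DSA|RSA|EC)|SIG-[^/]*)$", re.I)

def classify(listing):
    """Return (signed, exempt, unsigned) lists of entry names from a listing."""
    signed, exempt, unsigned = [], [], []
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # certificate details, flag legend, blank lines
        flags, name = set(m.group(1).replace(" ", "")), m.group(4)
        if name.endswith("/") or SIG_FILE.match(name):
            exempt.append(name)    # directories and signature files
        elif {"s", "m"} <= flags:
            signed.append(name)    # signature verified and listed in manifest
        else:
            unsigned.append(name)  # content not covered by the signature
    return signed, exempt, unsigned

if __name__ == "__main__":
    signed, exempt, unsigned = classify(SAMPLE)
    print("signed:  ", signed)
    print("exempt:  ", exempt)
    print("unsigned:", unsigned)
```

An empty `unsigned` list means every class and resource in the JAR is covered by the signature, so the missing flags on MANIFEST.MF, Cert.SF and Cert.RSA are not themselves unsigned content.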
