PQ76313, 5.0-5.0.2.2: Signed JARs Signed With Netscape Signing Tool 1.2
 Downloadable files
 
Abstract
Duplicate manifest created for signed application jar files
 
Download Description
PQ76313 resolves the following problem:

Signed JAR files have been signed with Netscape signing tool 1.3 and it creates a META-INF/manifest.mf entry, these files are being modified during the deployment of the application via the WebSphere® Application Server V5 admin console. A second entry named META-INF/MANIFEST.MF is being created in the jar file. But according to the Java™ SDK 1.2 documentation (docs guide jar manifest.html) it should recognize and use the existing manifest. This jar is used as part of an applet and gets downloaded to the client, but a security exception is thrown due to the fact that WebSphere Application Server V5 is corrupting the jar files.

This problem affects users with signed application jar files, in particular those users who use the Netscape signing tool. The symptom of this problem is a runtime exception, such as:

java.lang.SecurityException: invalid SHA1 signature file digest for com/in/widgets/q.class
at sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:321)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:172)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:239)
at java.util.jar.JarVerifier.update(JarVerifier.java:194)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:251)
at java.util.jar.JarFile.getInputStream(JarFile.java:313)
at sun.plugin.cache.CachedJarLoader.authenticate(CachedJarLoader.java:504)
at sun.plugin.cache.CachedJarLoader.access$600(CachedJarLoader.java:53)
at sun.plugin.cache.CachedJarLoader$5.run(CachedJarLoader.java:338)
at java.security.AccessController.doPrivileged(Native Method)
 
Prerequisites
UpdateInstaller is required before installing this fix.
Note: The install tool, updateInstaller, is separate from the fix.
 
URL LANGUAGE SIZE(Bytes)
UpdateInstaller US English 6631023
 
 
Installation instructions
Please review the readme.txt for detailed installation instructions.
 
URL LANGUAGE SIZE(Bytes)
Readme US English 16891
 
Download package
What is DD?
DOWNLOAD RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
PQ76313 for 5.0 8/12/2003 US English 15314 FTP DD
PQ76313 for 5.0.1 8/12/2003 US English 15314 FTP DD
PQ76313 for 5.0.2 8/12/2003 US English 16891 FTP DD
PQ76313 for 5.0.2.2 8/12/2003 US English 16918 FTP DD
 
Technical support
800-IBM-SERV (U.S. calls only)
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
Problems (APARs) fixed
PQ76313
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Deploy (for example: AAT or ANT or EAR/WAR/JAR)
Operating system(s): Windows
Software version: 5.0.2.2
Software edition:
Reference #: 4005155
IBM Group: Software Group
Modified date: Aug 1, 2004