PQ76313, 5.0-5.0.2.2: Signed JARs Signed With
Netscape Signing Tool 1.2
Downloadable files
Abstract
Duplicate manifest created for signed application jar
files
Download Description
PQ76313 resolves the following problem:
Signed JAR files have been signed with Netscape signing tool 1.3 and it
creates a META-INF/manifest.mf entry, these files are being modified
during the deployment of the application via the WebSphere® Application
Server V5 admin console. A second entry named META-INF/MANIFEST.MF is
being created in the jar file. But according to the Java™ SDK 1.2
documentation (docs guide jar manifest.html) it should recognize and use
the existing manifest. This jar is used as part of an applet and gets
downloaded to the client, but a security exception is thrown due to the
fact that WebSphere Application Server V5 is corrupting the jar files.
This problem affects users with signed application jar files, in
particular those users who use the Netscape signing tool. The symptom of
this problem is a runtime exception, such as:
java.lang.SecurityException: invalid SHA1 signature file digest for com/in/widgets/q.class
at sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:321)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:172)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:239)
at java.util.jar.JarVerifier.update(JarVerifier.java:194)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:251)
at java.util.jar.JarFile.getInputStream(JarFile.java:313)
at sun.plugin.cache.CachedJarLoader.authenticate(CachedJarLoader.java:504)
at sun.plugin.cache.CachedJarLoader.access$600(CachedJarLoader.java:53)
at sun.plugin.cache.CachedJarLoader$5.run(CachedJarLoader.java:338)
at java.security.AccessController.doPrivileged(Native Method)
Prerequisites
UpdateInstaller is required before installing this fix.
Note: The install tool, updateInstaller, is separate from the fix.
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > Deploy (for example: AAT or ANT or EAR/WAR/JAR)
Operating system(s): Windows
Software version: 5.0.2.2
Software edition: Reference #: 4005155
IBM Group: Software Group
Modified date: Aug 1, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights
Reserved.