PQ76313: Application installation changes the case
of the manifest of nested jar
Downloadable files
Abstract
Duplicate manifest file created for signed application jar
files
Download Description
Application deployment tools will ignore the archive entry
META-INF/manifest.mf, creating a new entry having the name
META-INF/MANIFEST.MF. This will later cause a security exception to be
thrown.
(According to the JDK 1.2 documentation, doc guide jar manifest.html, the
case of the manifest should be ignored. That is, manifest.mf should be
recognized as the manifest of archive. No duplicate MANIFEST.MF entry
should be created.)
For example, jars that are signed using the Netscape signing tool 1.3 have
a manifest named META-INF/manifest.mf. When deploying the signed
application a second entry is created,
META-INF/MANIFEST.MF. Later, a security exception is thrown from the
runtime, for example:
java.lang.SecurityException: invalid SHA1 signature file digest for
com/in/widgets/q.class
at
sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:321)
at
sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:172)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:239)
at java.util.jar.JarVerifier.update(JarVerifier.java:194)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:251)
at java.util.jar.JarFile.getInputStream(JarFile.java:313)
at
sun.plugin.cache.CachedJarLoader.authenticate(CachedJarLoader.java:504)
at
sun.plugin.cache.CachedJarLoader.access$600(CachedJarLoader.java:53)
at
sun.plugin.cache.CachedJarLoader$5.run(CachedJarLoader.java:338)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.cache.Cache.privileged(Cache.java:219)
at
sun.plugin.cache.CachedJarLoader.download(CachedJarLoader.java:320)
at
sun.plugin.cache.CachedJarLoader.load(CachedJarLoader.java:128)
at sun.plugin.cache.JarCache.get(JarCache.java:172)
at
sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(CachedJarURLConnection.java:93)
at
sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(CachedJarURLConnection.java:78)
at
sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:580)
at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:541)
at sun.misc.URLClassPath$3.run(URLClassPath.java:319)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:308)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:285)
at sun.misc.URLClassPath.getResource(URLClassPath.java:155)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at
sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:134)
at
sun.plugin.security.PluginClassLoader.findClass(PluginClassLoader.java:168)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at
sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:114)
at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
at
sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:501)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:567)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1778)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:496)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at java.lang.Thread.run(Thread.java:536)
Prerequisites
Please download the UpdateInstaller below to install this fix.