File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JNLP and Web Start and the fly likes Signing JNLP - Where does JNLP-INF directory go? Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Reply Bookmark "Signing JNLP - Where does JNLP-INF directory go?" Watch "Signing JNLP - Where does JNLP-INF directory go?" New topic
Author

Signing JNLP - Where does JNLP-INF directory go?

L Jacobs
Greenhorn

Joined: Oct 03, 2011
Posts: 1
posted private message
0
Quote
I am pursuing trying to launch a Java Webstart JNLP program without striking fear into the hearts of those that use it.
I have a valid certificate and keystore, and launching the JNLP confirms that the certificate side is all OK.
However, like many I seem to be getting the message "Althought the application has a digital signature, the application's associated file(JNLP) does not have one. A digital signature ensures that a file is from the vendor and that it has not been altered."

Reading the JNLP Spec (JSR-56)
Section 5.4.1 SIGNING OF JNLP FILES states:
A JNLP file can optionally be signed. A JNLP Client must check if a signed version of the JNLP file
exists, and if so, verify that it matches the JNLP file that is used to launch the application. If it does not
match, then the launch must be aborted. If no signed JNLP file exists, then the JNLP file is not signed,
and no check needs to be performed.

A JNLP file is signed by including a copy of it in the signed main JAR file. The copy must match the JNLP file used to launch the application. The signed copy must be named:JNLP- INF/APPLICATION.JNLP. The APPLICATION.JNLPfilename should be generated in upper case, but should be recognized in any case. The signed JNLP file must be compared byte-wise against the JNLP file used to launch the application. If the two byte streams are identical, then the verification succeeds, otherwise it fails. As described above, a JNLP file is not required to be signed in order for an application to be signed. This is similar to the behavior of Applets, where the Applet tags in the HTML pages are not signed, even when granting unrestricted access to the Applet
And I confess much of the paragraph isn't exactly clear to a newbie like me.

So maybe this is extremely basic - but where exactly should the JNLP-INF/APPLICATION.JNLP go ?
I am using eclipse, and I have about 25 jars (ext and lib). Is JNLP-INF some standard folder name and location? My manifest.mf is located in a "build" folder where my ant resides. I have tried copying my jnlp as APPLICATION.JNLP into this directory, but that did not resolve the JNLP not signed message.
I have also created a folder called JNLP-INF where the main class is (and therefore I thought would be signed in the jar) but... no go.
Very frustrating but luckily not a huge deal or priority, I have many more things to learn so JAVA will keep me plenty busy for years to come

JavaWS: Version 6.0.260.2
JavaJRE: Version 1.6.0_26
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 13842

I like...
MySQL Database
posted private message
0
Quote
To me that says that the jar (which you are going to sign) contains a folder named "JNLP-INF" and inside that folder is your "APPLICATION.JNLP" file. Did you do that?
 
 
subject: Signing JNLP - Where does JNLP-INF directory go?
 
Threads others viewed
iText: Digital signature
Webstart & java 6u15+ JCE Code Signing CA not trusted.
java program to encrypt the mail in outlook
as of release 5, 'enum' is a keyword...
Signing Applet in NS 6
IntelliJ Java IDE