Signature validation error when jarfile is run
Closed this issue · 6 comments
The README.md file says:
For help, simply run:
java -jar target/grendel-${VERSION}.jar
(Replace ${VERSION} with whatever version you're running.)
When I run that command I get an error:
localhost:grendel marc$ java -jar target/grendel-0.1.1.jar
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:221)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:176)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:277)
at java.util.jar.JarVerifier.update(JarVerifier.java:188)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:321)
at java.util.jar.JarFile.getInputStream(JarFile.java:386)
at sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:689)
at sun.misc.Resource.cachedInputStream(Resource.java:61)
at sun.misc.Resource.getByteBuffer(Resource.java:144)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:249)
at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:315)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:330)
at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:398)
Running mvn test produces no failures (1 skipped test in com.wesabe.grendel.util.tests.IntegerEquivalentsTest).
Hm, I see the same error when I try to run the server:
localhost:grendel marc$ java -jar target/grendel-0.1.1.jar server -c target/grendel.properties -p 8080
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:221)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:176)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:277)
at java.util.jar.JarVerifier.update(JarVerifier.java:188)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:321)
at java.util.jar.JarFile.getInputStream(JarFile.java:386)
at sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:689)
at sun.misc.Resource.cachedInputStream(Resource.java:61)
at sun.misc.Resource.getByteBuffer(Resource.java:144)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:249)
at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:315)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:330)
at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:398)
localhost:grendel marc$ java -version
java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04-248-9M3125)
Java HotSpot(TM) 64-Bit Server VM (build 14.3-b01-101, mixed mode)
Brad sees the same error.
Brad points out: http://www.coderanch.com/t/384144/Java-General/java/Security-Exception-signature-file
This turned out to be because Eclipse was slipping a signature into the project. I am not sure why this was occurring, but I was signing the manifest with a garbage certificate, etc. This may bite someone else - just check when wrapping existing jars in a new plugin to make sure dummy.sf and dummy.csa have not been placed inside the manifest.
Yeah, I didn't update the maven-shade settings to take into account the BouncyCastle dependencies' new groupIds. Fixed in 91d974.
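A check for the condition this thread describes: signature files under META-INF whose recorded digests no longer match the jar's own manifest. This is an added example, not code from the Grendel project or from any commenter. The sample jars, the `LIBKEY.*` entry names and both manifests are constructed, and the code assumes the main-attributes digest covers the manifest through its first blank line.

```python
import base64, hashlib, io, re, zipfile

SIG_RE = re.compile(r"^META-INF/[^/]+\.(SF|DSA|RSA|EC)$", re.I)
ALGS = {"SHA1": "sha1", "SHA-256": "sha256", "SHA-384": "sha384", "SHA-512": "sha512"}
CHECKS = ("-Digest-Manifest", "-Digest-Manifest-Main-Attributes")

def main_section(data: bytes) -> bytes:
    # Main attributes run up to and including the first blank line (assumption).
    m = re.search(rb"\r?\n\r?\n", data)
    return data[:m.end()] if m else data

def b64digest(alg: str, data: bytes) -> str:
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def audit_jar(jar):
    """Return (signature entries, [(sf_name, header)] whose digest no longer matches)."""
    stale = []
    with zipfile.ZipFile(jar) as z:
        sigs = [n for n in z.namelist() if SIG_RE.match(n)]
        manifest = z.read("META-INF/MANIFEST.MF")
        scope = {CHECKS[0]: manifest, CHECKS[1]: main_section(manifest)}
        for name in (n for n in sigs if n.upper().endswith(".SF")):
            head = main_section(z.read(name)).decode("utf-8", "replace")
            head = re.sub(r"\r?\n ", "", head)  # unfold 72-byte continuation lines
            for line in head.splitlines():
                key, _, value = line.partition(": ")
                for suffix, data in scope.items():
                    alg = ALGS.get(key[: -len(suffix)].upper()) if key.endswith(suffix) else None
                    if alg and b64digest(alg, data) != value.strip():
                        stale.append((name, key))
    return sigs, stale

def build_jar(manifest: bytes, signed_manifest: bytes = None) -> io.BytesIO:
    """Constructed sample: jar whose .SF (if any) was computed over signed_manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        if signed_manifest is not None:
            sf = "Signature-Version: 1.0\r\n"
            sf += f"SHA-256-Digest-Manifest: {b64digest('sha256', signed_manifest)}\r\n"
            sf += ("SHA-256-Digest-Manifest-Main-Attributes: "
                   f"{b64digest('sha256', main_section(signed_manifest))}\r\n\r\n")
            z.writestr("META-INF/LIBKEY.SF", sf)
            z.writestr("META-INF/LIBKEY.RSA", b"placeholder, not a real PKCS#7 block")
    buf.seek(0)
    return buf

LIB_MF = b"Manifest-Version: 1.0\r\nCreated-By: library build\r\n\r\n"  # constructed
APP_MF = b"Manifest-Version: 1.0\r\nMain-Class: example.Main\r\n\r\n"   # constructed
```

`audit_jar` also accepts a path such as `target/grendel-0.1.1.jar`. Any entry in the second list means the JVM will refuse to load the jar as built.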