Signed jars, SSL and Jetty

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Signed jars, SSL and Jetty

notoneword
Our webapp is running into the 'signer information does not match' error (see
call-stack at botoom) now that we're running Jetty in HTTPS.  It worked before
when unsecured.

Jetty version is jetty-5.1.3.

I've got several signed jars for the user to ok before they can sign in, and
this all worked before I started running HTTPS/SSL.  Now, on one of the jars I
get the 'mismatched singing information', for some machines which are hitting
the server, not all.  I'm running Jetty, and as far as I know, its configured
correctly, and pointed at a self-signed keystore.  All the jars are signed with
the same key.  

I'm able to get past the error if I go directly to the jsp which loads the jar -
and my research on the topic seems to suggest this could mean multiple JSSE
installs - I've made sure the latest jsse.jar is in Jetty's classpath.

Is there anything in the jetty configuration/files that I could change to
further determine the cause of this problem?

thanks,
Tom

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
java.lang.SecurityException: class "TransactionMain"'s signer information does
not match signer information of other classes in the same package
        at java.lang.ClassLoader.checkCerts(Unknown Source)
        at java.lang.ClassLoader.defineClass(Unknown Source)
        at java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$100(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=




-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Signed jars, SSL and Jetty

Chris Haynes
As the problem is happening with just some clients, look at the certificate
authorities they have installed in them. It's possible that the jars are
'matching' slightly-different root certificate authorities (e.g different issue
dates).  Obvioulsly the certificate to look for is the root of the chain you
have used to sign your own jars.

Chris Haynes


"Tom Cates" asked:

> Our webapp is running into the 'signer information does not match' error (see
> call-stack at botoom) now that we're running Jetty in HTTPS.  It worked before
> when unsecured.
>
> Jetty version is jetty-5.1.3.
>
> I've got several signed jars for the user to ok before they can sign in, and
> this all worked before I started running HTTPS/SSL.  Now, on one of the jars I
> get the 'mismatched singing information', for some machines which are hitting
> the server, not all.  I'm running Jetty, and as far as I know, its configured
> correctly, and pointed at a self-signed keystore.  All the jars are signed
> with
> the same key.
>
> I'm able to get past the error if I go directly to the jsp which loads the
> jar -
> and my research on the topic seems to suggest this could mean multiple JSSE
> installs - I've made sure the latest jsse.jar is in Jetty's classpath.
>
> Is there anything in the jetty configuration/files that I could change to
> further determine the cause of this problem?
>
> thanks,
> Tom
>
> +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
> java.lang.SecurityException: class "TransactionMain"'s signer information does
> not match signer information of other classes in the same package
> at java.lang.ClassLoader.checkCerts(Unknown Source)
> at java.lang.ClassLoader.defineClass(Unknown Source)
> at java.security.SecureClassLoader.defineClass(Unknown Source)
> at java.net.URLClassLoader.defineClass(Unknown Source)
> at java.net.URLClassLoader.access$100(Unknown Source)
> at java.net.URLClassLoader$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(Unknown Source)
> at sun.applet.AppletClassLoader.findClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at sun.applet.AppletClassLoader.loadClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at sun.applet.AppletClassLoader.loadCode(Unknown Source)
> at sun.applet.AppletPanel.createApplet(Unknown Source)
> at sun.plugin.AppletViewer.createApplet(Unknown Source)
> at sun.applet.AppletPanel.runLoader(Unknown Source)
> at sun.applet.AppletPanel.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
> +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
>




-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support