TechQA.

Resign “bcprov-ext-jdk16-140.jar” with new permission attribute

1.3k views Asked by At

I have an applet which depends with many jars. After I update the java to 7.45 the applet generate message saying “This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute” I added permission attribute “Permissions: all-permissions” to all manifest files after that I resigned all these jars by our "6NRJ" certificate.

All jars was well signed but unfortunately the applet generate an exception only in "bcprov-ext-jdk16-140.jar".

Here the exception details:

java.security.NoSuchProviderException: JCE cannot authenticate the provider BC 
        at javax.crypto.JceSecurity.getInstance(JceSecurity.java:101) 
        at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:249) 
        at org.bouncycastle.cms.CMSEnvelopedHelper.createKeyGenerator(Unknown Source) 
        at org.bouncycastle.cms.CMSEnvelopedHelper.createSymmetricKeyGenerator(Unknown Source) 
        at org.bouncycastle.cms.CMSEnvelopedDataGenerator.generate(Unknown Source) 
        at com.atexo.mpe.applet.AppletDiagnostic.init(AppletDiagnostic.java:142) 
        at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source) 
        at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) 
        at java.lang.Thread.run(Unknown Source) 
Caused by: java.util.jar.JarException: http://wma-migration.whitecapetech.local/ressources/applet/bcprov-ext-jdk16-140.jar is not signed by a trusted signer. 
        at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:503) 
        at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322) 
        at javax.crypto.JarVerifier.verify(JarVerifier.java:250) 
        at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161) 
        at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187) 
        at javax.crypto.JceSecurity.getInstance(JceSecurity.java:98) 
        ... 8 more

I think that bcprov-ext-jdk16-140.jar was signed before by bouncy castle.

Is there a way to re-sign "bcprov-ext-jdk16-140.jar" after adding the permission attribute ?

Thanks in advance for help

java applet bouncycastle jar-signing signed-applet
Original Q&A
1

There are 1 answers

0
Simone On

"I think that bcprov-ext-jdk16-140.jar was signed before by bouncy castle."

No, you can verify this opening the jar. You Will find no signature in it.

"Is there a way to re-sign "bcprov-ext-jdk16-140.jar" after adding the permission attribute ? "

yes. Open the bcprov jar. Add the permission attribuite using a text editor. Sign using jarsigner.

Related Questions in JAVA

Related Questions in APPLET

Related Questions in BOUNCYCASTLE

Related Questions in JAR-SIGNING

Related Questions in SIGNED-APPLET

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions