November 6, 2011

Signing JARs in Web Start application - not signed by the same certificate exception


Java Mascot introducing Netbeans

Java Mascot introducing Netbeans

When I wanted to pack a simple java desktop application as a Web Start application I had problems with already signed jars - after Web Start dialog showed on the screen, I got jar resources in jnlp file are not signed by the same certificate problem. There exist other ways to tackle the problem (for instance repacking the jar and signing with different certificate) but I think I chose the simplest, quickest and dirtiest. After I googled around I chose the solution described here. I my opinion the fastest solution in order to start testing quickly.

I had one jar (log4j) already signed with other certificate:

$ find .
...
./launch.jnlp
./jnlpcomponent1.jnlp
./lib/log4j-1.2.15.jar # already signed for eXist-db project.
...

Recipe: inspect jars with

$ jarsigner -certs -verbose -verify <path-to-jar>

In my case (log4j-1.2.15.jar) I obtained

X.509, CN=eXist XML database, OU=Anonymous, O=exist-db.org, C=DE

I simply created new exist.jnlp file (in the same directory as launch.jnlp exists) with this content (taking into account what was returned by the jarsigner tool in the O key - standing for Organization):

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+"
      codebase="file:/home/ales/NetBeansProjects/mravlja/dist/"
      href="exist.jnlp">
  <information>
    <title>eXist</title>
    <vendor>exist-db.org</vendor>
    <offline-allowed/>
  </information>
  <offline-allowed/>
  <resources>
    <jar href="lib/log4j-1.2.15.jar"/>
  </resources>
  <component-desc/>
</jnlp>

and added

<extension name="eXist" href="exist.jnlp" />

into original launch.jnlp file. Do not try to F6 in the NetBeans IDE, since launch.jnlp will be overridden. Use launch.html with your browser and the problem is gone.