首页 文章

在Webstart / JNLP中部署JavaFX

提问于
浏览
1

我刚刚从Comodo购买了代码签名证书 . 我现在正在尝试签署一个Webstart / JNLP文件,以便我可以分发它,但是我收到了"Application Blocked by Java Security"消息 .
enter image description here

我正在使用Maven构建:

<plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-antrun-plugin</artifactId>
        <version>1.8</version>
        <executions>
            <execution>
                <phase>package</phase>
                <configuration>
                    <target>
                        <taskdef name="jfxdeploy" classname="com.sun.javafx.tools.ant.DeployFXTask" classpathref="maven.plugin.classpath" />
                        <taskdef name="jfxsignjar" classname="com.sun.javafx.tools.ant.FXSignJarTask" classpathref="maven.plugin.classpath" />

                        <jfxdeploy outdir="${project.build.directory}/jnlp"
                                   outfile="jnlp-test"
                                   embedJNLP="true">

                            <info title="JNLP Test"
                                  vendor="Foo Bar"
                                  description=""/>
                            <application name="${project.name}"
                                         mainClass="com.foo.CheckboxTableExample" />
                            <resources>
                                <fileset dir="${project.build.directory}" includes="*.jar" />
                            </resources>

                            <permissions elevated="true"/>

                        </jfxdeploy>

                        <!-- Sign all the jars in the deploy directory -->
                        <jfxsignjar destdir="${project.build.directory}/jnlp"
                                    keyStore="cert.pfx"
                                    storetype="pkcs12"
                                    storePass="****"
                                    alias="myalias">
                            <fileset dir="${project.build.directory}/jnlp" includes="*.jar" />
                        </jfxsignjar>

                    </target>
                </configuration>
                <goals>
                    <goal>run</goal>
                </goals>
            </execution>
        </executions>

        <dependencies>
            <dependency>
                <groupId>com.oracle</groupId>
                <artifactId>ant-javafx</artifactId>
                <version>8.0</version>
                <systemPath>${java.home}/../lib/ant-javafx.jar</systemPath>
                <scope>system</scope>
            </dependency>
        </dependencies>
    </plugin>

Maven编译好没有错误,我可以通过查看jar中的SIGNATURES.BSF文件看到jar已签名 . 但是我为什么仍然会遇到这个错误而感到困惑 .

我还清除了Java中的缓存/临时文件设置,以确保它不引用旧版本 .

任何人都可以阐明这一点吗?

EDIT:

我的JNLP输出是:

<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="jnlp-test.jnlp">    
  <information>
    <title>JNLP Test</title>
    <vendor>Foo Bar</vendor>
    <description></description>
    <offline-allowed/>
  </information>
  <resources>
    <j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se"/>
    <jar href="test-jnlp-1.0.jar" size="6834" download="eager" />
  </resources>
<security>
  <all-permissions/>
</security>
  <jfx:javafx-desc  width="0" height="0" main-class="com.foo.CheckboxTableExample"  name="Test JNLP" />
  <update check="background"/>
</jnlp>

JaNeLA的输出清楚地表明我有一些错误:

Content type application/xml does not equal expected type of application/x-java-jnlp-file
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security'. One of '{resources, application-desc, applet-desc, component-desc, installer-desc}' is expected.
cvc-complex-type.2.4.a: Invalid content was found starting with element 'security'. One of '{resources, application-desc, applet-desc, component-desc, installer-desc}' is expected.
XML encoding not known, but declared as utf-8
Codebase not specified.  Defaulting to file:/D:/workspace/test-jnlp/target/jnlp/
Resource 'test-jnlp-1.0.jar' declared as size '6834' but is actually '10571'.
The resource download at test-jnlp-1.0.jar can be optimized by removing the (default) value of download='eager'.
The resource download at test-jnlp-1.0.jar can be optimized by removing the (default) value of main='false'.
It might be possible to optimize the start-up of the app. by  specifying download='lazy' for the test-jnlp-1.0.jar resource.
Lazy downloads might not work as expected for test-jnlp-1.0.jar unless the download 'part' is specified.

最后,显然我的jar是根据jarsign -verify命令签名的 not

jar is unsigned. (signatures missing or not parsable)

我不确定jfxsigner命令有什么问题 .

Edit 2: 现在我知道jar签名不起作用,我试图在命令行上使用jarsigner手动执行它并得到关于我发布的证书的错误

Warning:
The signer's certificate chain is not validated.
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2016-08-03) or after any future revocation date.

所以这是我需要向Comodo提出的一个问题 .

java maven java-web-start jnlp jar-signing

1 回答

  • 1

    我已经解决了我的问题 .

    第一个问题是我在Windows中有Comodo的Rogue Root Certificate . 需要删除并安装正确的 .

    第二个问题,我需要将pfx文件和证书导入密钥库 . 我不确定这是必要的,但我是在事件链中做到的 .

    第三个问题是"No -tsa"错误 . 我认为这是Comodo给我的证书的一个问题,他们没有另外说 . 但通过搜索,我发现向jarsigner添加-tsa http://timestamp.digicert.com摆脱了这个警告 .

    第四个问题是jxsignjar不起作用 . 首先,当jar签名失败时,它没有报告错误 . 接下来,无论如何我需要在部署之前放置signjar(我的错误) . 最后,它不允许使用-tsa选项 . 我最终使用 Ant 任务来签署jar .

    我使用JaNeLA工具检查jnlp文件 . 它是一个很酷的工具,但我认为它不会更新以支持JavaFX . 例如,它标记错误

    <jfx:javafx-desc  width="0" height="0" main-class="com.foo.CheckboxTableExample"  name="Test JNLP" />

    它需要旧格式的东西

    <application-desc main-class="com.foo.CheckboxTableExample" />

    谢谢你的帮助安德鲁 . 现在我需要弄清楚Webstart是否比安装程序更好 .

    回复于

相关问题