how to provide signature in jar files in eclipse-plugins development? - eclipse-plugin

Can anybody tell me how to add a signature to a jar file?
I have developed a plugin, but when I am installing it, it shows some warnings that it is not a signed jar file.
Can anyone give me guidance on how to do that?

You can follow the instructions given in the Eclipse wiki Jar Signing page.
It is part of a protection policy against malicious code.
How is signing done?
Signing is performed using the JDK's jarsigner.
This tool signs JARs by producing a separate signature for every file in the JAR.
The signatures are put in the MANIFEST.MF file and in a separate signature file in the META-INF directory.
For optimization purposes, the signature of the MANIFEST.MF with all embedded signatures is also computed and placed in the signature file.
Projects who wish to sign their JAR's with the Eclipse Foundation Signature need to name a person which applies for "signer" privilege with the Webmaster. The Webmaster will grant required permissions on the signing server and send an E-Mail with exact instructions how signing is done.
Now if the warning appears because your plugin, even signed, is not signed with the "Eclipse Foundation Signature" (if your plugin runs within an Eclipse instance), that warning is likely to remain.
See also this thread if you want to use your own keystore:
java
-Djava.security.manager=""
-Djava.security.policy=policy
-Dosgi.framework.keystore=file:keystore
-Dosgi.signedcontent.support=true
-jar org.eclipse.osgi_3.4.0.<qualifier>.jar
-console
-consoleLog
Finally, you can try out this jarsigner/keytool integration (integration to the jar exporter) which can facilitate the process.
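The layout described in the answer above can be checked by hand: the per-file entries in MANIFEST.MF are base64 digests, and the signature file (.SF) carries a digest of the whole manifest. This is an added example, not code from the original answer or the Eclipse wiki. It assumes SHA-256 digests, runs on a constructed sample JAR, and does not validate the signature block itself (that is what `jarsigner -verify` does).

```python
import base64, hashlib, io, zipfile

SIG_EXT = (".SF", ".RSA", ".DSA", ".EC")  # signature-related files in META-INF

def b64sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_sections(raw: bytes):
    """Parse manifest-style text into a list of {header: value} sections."""
    text = raw.decode("utf-8").replace("\r\n", "\n")
    text = text.replace("\n ", "")  # a leading space continues the previous line
    sections = []
    for block in text.split("\n\n"):
        pairs = [ln.split(": ", 1) for ln in block.split("\n") if ": " in ln]
        if pairs:
            sections.append(dict(pairs))
    return sections

def audit_jar(jar_bytes: bytes):
    """Return a list of findings; an empty list means all digests agree."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        if "META-INF/MANIFEST.MF" not in names:
            return ["no META-INF/MANIFEST.MF: JAR is unsigned"]
        manifest = jar.read("META-INF/MANIFEST.MF")
        sig_files = [n for n in names if n.startswith("META-INF/") and n.upper().endswith(".SF")]
        if not sig_files:
            findings.append("no .SF signature file: JAR is unsigned")
        for sf in sig_files:
            main = (parse_sections(jar.read(sf)) or [{}])[0]
            if main.get("SHA-256-Digest-Manifest") != b64sha256(manifest):
                findings.append(f"{sf}: manifest digest mismatch")
        listed = {s["Name"]: s.get("SHA-256-Digest")
                  for s in parse_sections(manifest) if "Name" in s}
        for name in names:
            if name.endswith("/") or name == "META-INF/MANIFEST.MF" or (
                    name.startswith("META-INF/") and name.upper().endswith(SIG_EXT)):
                continue
            if name not in listed:
                findings.append(f"{name}: not listed in manifest")
            elif listed[name] != b64sha256(jar.read(name)):
                findings.append(f"{name}: content does not match manifest digest")
    return findings

def build_sample_jar(tamper=False, extra=False) -> bytes:
    """Constructed sample JAR laid out as described above (no real signature)."""
    files = {"plugin.xml": b"<plugin/>", "Activator.class": b"\xca\xfe\xba\xbe"}
    manifest = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA-256-Digest: {b64sha256(d)}\r\n\r\n" for n, d in files.items())
    sf = ("Signature-Version: 1.0\r\n"
          f"SHA-256-Digest-Manifest: {b64sha256(manifest.encode())}\r\n\r\n")
    if tamper:
        files["plugin.xml"] = b"<plugin changed='1'/>"  # modified after "signing"
    if extra:
        files["Extra.class"] = b"\xca\xfe\xba\xbe"      # added after "signing"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/SAMPLE.SF", sf)
        jar.writestr("META-INF/SAMPLE.RSA", b"placeholder, not a real PKCS#7 block")
        for n, d in files.items():
            jar.writestr(n, d)
    return buf.getvalue()
```

An entry that was changed or added after signing shows up as a finding, which is the condition the installer warning is meant to surface.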

Related

IBM MobileFirst war file unable to deploy to MFP server

I tried deploying the war file both without the java and jar files and with them. The war file without java and jar files deployed successfully without any error in the log. The runtime appears in the admin console and everything works.
If I deploy the war file with server/java and the jar files, my runtime disappears from the admin console. Here is my java lib:
I am using the IBM Server Configuration Tool to deploy war.
axis.jar
bcprov-jdk14-143.jar
commons-discovery-0.2.jar
commons=logging.jar
CryptoPasswordTool_14.jar
e2eejslib2048_b1.4_v1.3jar
jaxrpc.jar
jcprov.jar
saaj.jar
wsdl4j.jar
xerces-2.9.1.jar
Here is my Java call
javax.xml.rpc.Service aacmService = javax.xml.rpc.ServiceFactory.newInstance().createService(new java.net.URL(connectionUrl),new javax.xml.namespace.QName(ssoLink, "SSOService"));
These libraries have been used in my server/java to make some customized server calls. Is there any of these jar files that will crash with MFP?
In this environment, I am unable to copy anything out from the server due to the client policy. But I managed to take a shot of the screen.
Without proper information to review, such as the complete log file to see all errors printed, the recommendation is to open a PMR instead of a question on stack overflow, which anyway is more suitable for programming questions rather than infrastructure questions.
Open a support ticket to IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21507643

VisualStudio.com can't load the temporary UWP certificate during builds

I set up my Visual Studio Team Service account to clone my private GitHub repo and build the Windows UWP application anytime I queue a build. The cloning works without any issues; the compilation of every project (6) works except one. The Windows UWP app project.
I receive the following warnings while the build server compiles the app:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0104: Certificate file 'myapp_TemporaryKey.pfx' not found.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0104: Certificate file 'myapp_TemporaryKey.pfx' not found. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
This is the last project out of the 6 to compile. After I receive the warnings, it proceeds to copy all of the output files over to the final /bin directory. Then when it's all done, reports the same messages as above, but as errors this time and fails the build.
_GenerateAppxPackageFile:
C:\Program Files (x86)\Windows Kits\10\bin\x64\MakeAppx.exe pack /l /h sha256 /f obj\x86\Debug\package.map.txt /o /p C:\a\1\s\Source\Applications\MyApp.WindowsUWP\AppPackages\MyApp_1.0.0.0_x86_Debug_Test\MyApp_1.0.0.0_x86_Debug.appx
MyApp -> C:\a\1\s\Source\Applications\MyApp.WindowsUWP\AppPackages\MyApp_1.0.0.0_x86_Debug_Test\MyApp_1.0.0.0_x86_Debug.appx
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0104: Certificate file 'MyApp_TemporaryKey.pfx' not found.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0104: Certificate file 'MyApp_TemporaryKey.pfx' not found. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
2>Done Building Project "C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj" (default targets) -- FAILED.
1>Done Building Project "C:\a\1\s\Source\MyApp.UWP.sln" (default targets) -- FAILED.
Build FAILED.
"C:\a\1\s\Source\MyApp.UWP.sln" (default target) (1) ->
If I just delete the certificate (as I did in this particular error log), it fails because it can't find it. If I generate the certificate using the manifest editor in VS, and assign it a password, the build server fails because it doesn't know the password. So I can't get it to build whether I provide a temporary test certificate or not.
How are we supposed to run Windows 10 UWP apps through the Visual Studio Team Services build system? This is something that Microsoft has been promoting for a while now so I assumed this was a thing that could be done. I can't seem to get the UWP project to actually build.
You can generate a certificate without password assigned.
Or add a PowerShell step in your build definition to import the password-protected certificate. The following is the PowerShell script you can use:
# Path to the PFX, relative to the build step's working folder
$pfxpath = 'myapp_TemporaryKey.pfx'
# Placeholder value; supply the real password from a secret build variable instead of committing it
$password = 'yourpassword'
Add-Type -AssemblyName System.Security
# Load the certificate and private key; PersistKeySet keeps the key in the store after import
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
# Add the certificate to the current user's personal ("MY") store
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
Remember to set the "Working Folder" to the path where your pfx file is placed.
By default .gitignore ignores any *.pfx file. Therefore it is not added to git. I had the same issue, that the build machine does not have the *_StoreKey.pfx file and therefore the build did not succeed.
For me the solution was to install the *_StoreKey.pfx on the build server. Then building the solution on the build server succeeds.
I solved this with the "secure files" feature: https://learn.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=vsts
In the build pipeline, there's a "library" tab. I added the pfx (that's excluded from source control) as a file there.
I then added "download secure file" as a build task (https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-secure-file?view=vsts). Note the environment variable in the documentation (currently $env:DOWNLOADSECUREFILE_SECUREFILEPATH)
I then added a command line task to move the file to where it was expected. So the command was move %DOWNLOADSECUREFILE_SECUREFILEPATH% FolderOfMyProject
Now it behaves as though the certificate were checked in.
I met the same issue these days, and I finally solved it with the help of this post.
Actually, we must ensure we have created a test .pfx as the developer of the UWP app, and the following shares some solutions I thought were helpful:
Create a test certificate with VS:
In Visual Studio, from Solution Explorer, open Package.appxmanifest
In the App Manifest Designer, choose the Packaging tab, and then choose the Choose Certificate button.
In the Choose Certificate dialog box, expand the Configure Certificate list, and then choose Create test certificate.
In the Create test certificate dialog box, input your info and click the OK button. (The step descriptions above come from this ↓)
Create a certificate with the MakeCert, Pvk2Pfx and Certutil tools
MSDN: How to create an app package signing certificate
Hope it can help you!
I too was getting the error:
"Cannot import the key file 'blah.pfx'. The key file may be password protected. To correct this, try to import the certificate manually into the current user’s personal certificate store".
You can double click a .pfx file to import it into your store, the trick is that when it brings up the wizard, you have to choose "Current User", instead of "Local Machine" on the first screen, then instead of "Automatic", I specifically chose "Personal".
I was able to build the package after that. Didn't work when I chose "Local Machine" + Personal.
Had the same issue (error APPX0107: The certificate specified is not valid for signing) and tried every solution but nothing worked for me.
In fact there was a new line after the key name in the .csproj:
<PackageCertificateKeyFile>myCert.pfx
</PackageCertificateKeyFile>
Removed it and it worked.

Unknown Publisher still appears on correctly code-signed VSTO addin built with VS2010

I have a OneClick Deployed VSTO Addin that I have signed with an up-to-date Verisign code-signing certificate (PFX). I have verified that I am signing correctly with Verisign support on the phone – they concur. I am building with VS2010. Nonetheless, the Addin shows “unknown publisher” when I try to install.
Why?
How can I replace “Unknown Publisher” with the name of the Publisher on the PFX certificate?
This is what I have done to try to solve the problem to date:
Found this question about “Unknown Publisher” issue on Addins. The accepted answer to that question discusses using mage.exe to sign the deployment and application manifests.
I used mage.exe to apply the PFX signature to both the application and deployment manifests to no avail; “Unknown Publisher” still shows when I install the Addin. Only then did I see a comment by a MS program manager on the page of the last link that VSTO Addin's built under 2008 or earlier do not read either the application or deployment manifests.
Then I saw the same MS program manager's comment at bottom linking to this page and asserting that starting in VS2010 that VSTO Addin's with Publisher specified as given in the linked page will now have their manifests read and the correct Publisher name displayed upon Addin installation.
I have done all this and the publisher on my correctly code-signed OneClick Deployment still shows “Unknown Publisher” - why?
Follow these steps:
Install the certificate on your local machine. In Windows Explorer right-click the certificate file, select Install PFX, and follow the instructions.
Ensure the VSTO project manifest and assembly are signed. In the VSTO project's properties on the Signing tab, "Sign the ClickOnce manifests" should be checked (if not, select your PFX file). "Sign the assembly" should also be checked and using the same PFX file.
After publishing the VSTO, you'll need to sign the manifest and the published .vsto files from the command line. You will also need to copy the .dll's from the bin to your published folder before you run mage.exe (to avoid "File Not Found" errors). I highly recommend signing both .vsto's for safety's sake. Here is the command line code to perform these steps:
set AppPublishPath=bin\Release\app.publish
set AppPublishVersionPath=bin\Release\app.publish\Application Files\MyProjectName_1_0_0_0
set CertificatePath=C:\SignedCertificate.pfx
set CertificatePassword=password
copy bin\*.dll "%AppPublishVersionPath%"
mage -update "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
mage -update "%AppPublishVersionPath%\MyProjectName.vsto" -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
mage -update "%AppPublishPath%\MyProjectName.vsto" -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
See Nathan's comment below about a possible additional step.

Maven: local development deploy vs bundling for distribution

Bear with me, I'm migrating from Ant to Maven2: I think I've hit one of those little things that was easy in Ant, but not so in Maven...
How do I handle the difference between a local deployment vs. creating an archive/bundle for distribution to another machine?
Let's assume my project's output is an EAR plus some additional config files. A developer that is actively working on the project will need to deploy and re-deploy frequently to his local app-server (say JBoss), while an Integration Engineer that is building for QA/production will need only to create the final archive assembly (tar/gz).
In Ant we had two targets for this: "dev-deploy" and "bundle". Both do a complete build, but differ in the final step: "dev-deploy" copies the EAR and config files to the respective local folders, while "bundle" just puts the EAR & config files in a tar.gz assembly.
How do you do this in Maven?
I've seen that the assembly plugin can create either archives (tar, gz, etc.) or exploded directories (from the same assembly descriptor). I can invoke either assembly:assembly or assembly:directory, but for the latter, how do I copy the final output to the local JBoss deployment folders? From a related post it seems that ad-hoc copying of files is not really what Maven is about, so an antrun copy is probably the most appropriate?
Finally, since the type of assembly may differ depending on who invokes it, it doesn't seem wise to bind assembly to the build lifecycle, not so? But this means that a developer will always need to invoke 'mvn package' followed by 'mvn assembly:directory' to rebuild and test a change. Conversely, an Integration Engineer will always need to run 'mvn package' followed by 'mvn assembly:assembly' to create the distributable archive. I was hoping for a one-command solution for each, or should I just script it?
In Ant we had two targets for this: "dev-deploy" and "bundle". Both do a complete build, but differ in the final step: "dev-deploy" copies the EAR and config files to the respective local folders, while "bundle" just puts the EAR & config files in a tar.gz assembly.
Not sure what you mean by respective local folders about "dev-deploy" but this sounds like what mvn package is doing and "bundle" indeed sounds like a maven assembly.
I've seen that the assembly plugin can create either archives (tar, gz, etc.) or exploded directories (from the same assembly descriptor). I can invoke either assembly:assembly or assembly:directory, but for the latter, how do I copy the final output to the local JBoss deployment folders? From a related post it seems that ad-hoc copying of files is not really what Maven is about, so an antrun copy is probably the most appropriate?
I guess that we are talking about the Integration Engineer's tasks here. As you didn't explain what the "bundle" contains exactly, what the target application server is (my understanding is that you are using JBoss for QA/production too but, again, this is a guess), if this bundle has to be deployed automatically, it's hard to imagine all solutions and/or alternatives to antrun. But indeed, to copy/move/unzip/whatever the assembly, the maven antrun plugin is a candidate.
Finally, since the type of assembly may differ depending on who invokes it, it doesn't seem wise to bind assembly to the build lifecycle, not so? But this means that a developer will always need to invoke 'mvn package' followed by 'mvn assembly:directory' to rebuild and test a change. Conversely, an Integration Engineer will always need to run 'mvn package' followed by 'mvn assembly:assembly' to create the distributable archive. I was hoping for a one-command solution for each, or should I just script it?
My understanding was that the Integration Engineer was building the bundle. Why would a developer need the bundle? This is confusing... Anyway, I don't really need the details to think of an answer. You could actually declare the maven assembly plugin into specific build profiles, one for development and one for integration, and bind either the single or the directory-single mojos to the project's build lifecycle in each profile. This would allow you to use only one command and avoid any scripting (really, don't go this way).

Access project directory from eclipse plugin

This is a question already asked by someone:
How can an Eclipse plugin access the project directory?
The answer was good: using ResourcesPlugin.
But for some reason, under no circumstances will my Ganymede eclipse recognise the existence of org.eclipse.core.resources package which contains ResourcesPlugin.
Why is that?
This is usually something to do with the Manifest:
is the package imported (Import-Package), or the bundle required (Require-Bundle) in your plugin.
(sanity check) is the package exported by the source bundle (Export-Bundle).
If both of these check out, then I would look at the target platform. A typical base install for RCP only does not include the resources bundle.
(*) You might have specified a version constraint in the Manifest.MF for the dependency. And the available version is different. If so, remove the constraint or just click the Match in the Properties of the dependency
(*) Check your target platform and verify whether this org.eclipse.core.resources plugin exists
(*) If the error still persists, go to the Plug-ins tab in the launch configuration of your RCP. Check whether the o.e.c.resources is added. The Validate Plug-ins buttons should be helpful to determine any issues
Add the bundle org.eclipse.core.resources in your plugin dependencies. That should work just fine.