Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
Re: JNLP signing requirement.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: JNLP signing requirement.

I'm surprised that nobody else on this list is interested in this problem.   I'm sure I've seen other developers who rely on Java Web Start here.     There's a little discussion on stackoverflow about this, here, but I'll post the gist below if anyone has any ideas:

We've been able to determine that you can sign a jnlp file with codesign, using the "Developer ID Application" Certificate, like this:
codesign -f -s "Developer ID Application: " foo.jnlp

The result from this operation seems to pass Gatekeeper on the local machine. However, it seems like the signature gets stored as extended HFS attributes, and as a result, it is not transmitted if a user fetches the file from a HTTP transaction.

It might work if you took the .jnlp file, and packaged it in some kind of container, like a .dmg or maybe a .tar.gz, however, that's both a lot of work, and it provides a fairly challenging user experience.

Anyone have any idea how one might transport a codesigned jnlp, to a user via HTTP, /without/ the user needing to manually unpack an archive of some sort?


On Jun 5, 2013, at 5:40 PM, Steve Kann <email@hidden> wrote:

Just noticed this tidbit from 10.8.4 -- and have started hearing from some users about it.
  • Note: Starting with OS X v10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate. Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed.

Is there more documentation about this requirement available?   Is an Apple Developer ID Certificate required, or will a normal Code Signing certificate (as used to sign .jar files) suffice?

Was there any notice about this on these lists?


Do not post admin requests to the list. They will be ignored.
Java-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 >JNLP signing requirement. (From: Steve Kann <email@hidden>)

Visit the Apple Store online or at retail locations.

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.