Re: JNLP signing requirement.



On Jun 10, 2013, at 8:20 AM, Steve Kann wrote:

We've been able to determine that you can sign a jnlp file with codesign, using the "Developer ID Application" Certificate, like this:
codesign -s "Developer ID Application: " foo.jnlp

I might have been confusing the use of extended attributes in this process in my previous post.
It is apparently the quarantine attributes in download files that set this attribute.
As near as I can tell, checking now, extended attributes are not used for the codesign signature.
I saw this…

Signed code contains several digital signatures:

• If the code is universal, the object code for each slice (architecture) is signed separately. This signature is stored within the binary file itself.
• Various components of the application bundle (such as the Info.plist file, if there is one) are also signed. These signatures are stored in a file called _CodeSignature/CodeResources within the bundle.

Here…

Neither of which appears to apply to a jnlp file.
Curious, when you say this worked on the local machine, where did the signature go?

I was thinking one possibility for this would be to keep the jnlp signature in a separate file on the server. For <MyApp>.jnlp have the associated signature as <MyApp>.sig or something.
Java Web Start, when it starts running, could parse the server URL out of the jnlp download and attach the signature. Again, thinking extended attributes was the mechanism, this might not have been all that tough. But what is the mechanism? Where did your signature go?

This probably wouldn't do anything for you on dynamic jnlp either, since a change in the jnlp should mean generating a new signature.

Michael Hall



AppConverter convert Apple jvm to openjdk apps http://www195.pair.com/mik3hall/index.html#appconverter
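
The detached-signature idea in the message above (a `<MyApp>.sig` kept beside `<MyApp>.jnlp`), sketched as an added example that is not part of the original thread. It uses `openssl dgst` in place of `codesign`, and the throwaway key, file names and JNLP content are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration: detached signature for a JNLP file, and why a
# dynamically generated JNLP needs a fresh signature each time.
WORK=$(mktemp -d)

make_sample() {
  # Throwaway RSA key standing in for a real signing identity (assumption).
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/key.pem" 2>/dev/null
  openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"
  # Constructed sample descriptor.
  cat > "$WORK/MyApp.jnlp" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="https://example.invalid/app" href="MyApp.jnlp">
  <information><title>MyApp</title><vendor>Example</vendor></information>
  <resources><jar href="MyApp.jar"/></resources>
  <application-desc main-class="example.Main"/>
</jnlp>
EOF
}

sign_jnlp() {    # $1 = path to .jnlp; writes <name>.sig next to it
  openssl dgst -sha256 -sign "$WORK/key.pem" -out "${1%.jnlp}.sig" "$1"
}

verify_jnlp() {  # $1 = path to .jnlp; exit 0 only if <name>.sig matches its bytes
  openssl dgst -sha256 -verify "$WORK/pub.pem" \
    -signature "${1%.jnlp}.sig" "$1" >/dev/null 2>&1
}

make_sample
sign_jnlp "$WORK/MyApp.jnlp"
if verify_jnlp "$WORK/MyApp.jnlp"; then echo "static jnlp: signature valid"; fi

# A server that rewrites the descriptor per request changes the signed bytes.
sed 's/<title>MyApp/<title>MyApp (session 42)/' "$WORK/MyApp.jnlp" > "$WORK/tmp"
mv "$WORK/tmp" "$WORK/MyApp.jnlp"
if ! verify_jnlp "$WORK/MyApp.jnlp"; then echo "dynamic jnlp: old signature rejected"; fi

# The signature has to be regenerated for every variant that is served.
sign_jnlp "$WORK/MyApp.jnlp"
if verify_jnlp "$WORK/MyApp.jnlp"; then echo "re-signed jnlp: signature valid"; fi
```

The `.jnlp` itself is never modified by signing here, so the signature location is unambiguous: it is the separate `.sig` file, which the client has to fetch and check before trusting the descriptor.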




