Re: [iText-questions] Invalid signature file digest for Manifest main attributes (2.0.7)
Samuel B. Quiring wrote: Xavier, Thanks. That is what I expected. Too bad. I really like packaging my app up as a single .jar file. What could be easier than one file and no classpaths? It should be fairly easy to unpackage the class files and make a new unsigned jar. I wrote a similar ANT script to unpackage BouncyCastle and create a new jar signed with the same certificate for the iText toolbox. br, Bruno smime.p7s Description: S/MIME Cryptographic Signature - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
Re: [iText-questions] Invalid signature file digest for Manifest main attributes (2.0.7)
Xavier, Thanks. That is what I expected. Too bad. I really like packaging my app up as a single .jar file. What could be easier than one file and no classpaths? -Sam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Xavier Le Vourch Sent: Saturday, December 08, 2007 1:51 PM To: Post all your questions about iText here Subject: Re: [iText-questions] Invalid signature file digest for Manifest main attributes (2.0.7) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Samuel B. Quiring wrote: I have a small test program that uses iText. It's been working fine for weeks. Today I downloaded itext-2.0.7.jar and replaced itext-2.0.6.jar. I rebuilt - no problems. When I tried to execute, I received this stack dump shown below. Any ideas? Starting with 2.0.7, the official iText jar file is now signed by Bruno. It seems that your problem comes from the repackaging of parts of the official jar file done during your build process. As a first step, you could try to run you application using your own classes and the official jar file to see if it works in that situation. If that works then, you'll need to have a closer look at how you're repackaging the classes. It's probably best to keep the official jar as is and just add it as a dependency in the manifest file for your test.jar file. Xavier I should probably mention that my build.xml file builds a single .jar from my simple test program and the itext-2.0.7.jar. To do this it unzips all the .jar files my code depends on (only itext-2.0.7.jar in this case) and then jars everything up into one big .jar with my main class called out in the manifest. I invoke my test program like this:java -jar test.jar Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source) at sun.security.util.SignatureFileVerifier.process(Unknown Source) at java.util.jar.JarVerifier.processEntry(Unknown Source) at java.util.jar.JarVerifier.update(Unknown Source) at java.util.jar.JarFile.initializeVerifier(Unknown Source) at java.util.jar.JarFile.getInputStream(Unknown Source) at sun.misc.URLClassPath$JarLoader$1.getInputStream(Unknown Source) at sun.misc.Resource.cachedInputStream(Unknown Source) at sun.misc.Resource.getByteBuffer(Unknown Source) at java.net.URLClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.access$100(Unknown Source) at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) - -- Xavier Le Vourch Brittany Software, Inc. [EMAIL PROTECTED] PGP Key (ID 0x896C5947): http://brittanysoftware.com/gpg_key.asc Key fingerprint: 73B3 6370 B8C5 4325 F2D8 4115 0372 5805 896C 5947 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHWxGkA3JYBYlsWUcRAtgQAJ9DEgLXDTIyBGkOuNyKGbq9pUxECACgjMOZ MYSIoVCwskqCPc7hA7IWX3M= =AtIK -END PGP SIGNATURE- - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/ - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
Re: [iText-questions] Invalid signature file digest for Manifest main attributes (2.0.7)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Samuel B. Quiring wrote: I have a small test program that uses iText. It's been working fine for weeks. Today I downloaded itext-2.0.7.jar and replaced itext-2.0.6.jar. I rebuilt - no problems. When I tried to execute, I received this stack dump shown below. Any ideas? Starting with 2.0.7, the official iText jar file is now signed by Bruno. It seems that your problem comes from the repackaging of parts of the official jar file done during your build process. As a first step, you could try to run you application using your own classes and the official jar file to see if it works in that situation. If that works then, you'll need to have a closer look at how you're repackaging the classes. It's probably best to keep the official jar as is and just add it as a dependency in the manifest file for your test.jar file. Xavier I should probably mention that my build.xml file builds a single .jar from my simple test program and the itext-2.0.7.jar. To do this it unzips all the .jar files my code depends on (only itext-2.0.7.jar in this case) and then jars everything up into one big .jar with my main class called out in the manifest. I invoke my test program like this:java -jar test.jar Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source) at sun.security.util.SignatureFileVerifier.process(Unknown Source) at java.util.jar.JarVerifier.processEntry(Unknown Source) at java.util.jar.JarVerifier.update(Unknown Source) at java.util.jar.JarFile.initializeVerifier(Unknown Source) at java.util.jar.JarFile.getInputStream(Unknown Source) at sun.misc.URLClassPath$JarLoader$1.getInputStream(Unknown Source) at sun.misc.Resource.cachedInputStream(Unknown Source) at sun.misc.Resource.getByteBuffer(Unknown Source) at java.net.URLClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.access$100(Unknown Source) at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) - -- Xavier Le Vourch Brittany Software, Inc. [EMAIL PROTECTED] PGP Key (ID 0x896C5947): http://brittanysoftware.com/gpg_key.asc Key fingerprint: 73B3 6370 B8C5 4325 F2D8 4115 0372 5805 896C 5947 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHWxGkA3JYBYlsWUcRAtgQAJ9DEgLXDTIyBGkOuNyKGbq9pUxECACgjMOZ MYSIoVCwskqCPc7hA7IWX3M= =AtIK -END PGP SIGNATURE- - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
