Run:
jarsigner -verify -verbose -certs /path/to/some.jar

This will show (excessive) signing information as well as the certs used to 
sign.

-DrD-


> I will see if I can get permission to send you the program.
> 
> I believe all of my jars are signed with the same certificate. What is the 
> best way to verify that?
> 
> 
> Thanks Kevin,
> 
> Neil
> 
> 
> 
> 
> From:   Kevin Rushforth <kevin.rushfo...@oracle.com>
> To:     ngalarn...@abinitio.com, 
> Cc:     Scott Palmer <swpal...@gmail.com>, dmitry cherepanov 
> <dmitry.cherepa...@oracle.com>, "openjfx-dev@openjdk.java.net" 
> <openjfx-dev@openjdk.java.net>
> Date:   06/16/2014 06:12 PM
> Subject:        Re: All-Permissions not working properly with 
> sun.plugin2.applet.FXAppletSecurityManager
> 
> 
> 
> Hi Neil,
> 
> If you have a test program that you can send me, I can attach it for you.
> 
> Question for you: are all of your jar files (including the third-party 
> libs) signed with the same certificate?
> 
> -- Kevin
> 
> 
> ngalarn...@abinitio.com wrote: 
> Also, because I can't login, I can't add a comment to the bug report. 
> 
> I am also getting a security exception even though my applet is signed & 
> has all permissions. 
> 
> In this case it is happening on a call to getClassLoader() on the JavaFX 
> thread (not a daemon thread): 
> 
> Exception in thread "JavaFX Application Thread" 
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" "getClassLoader") 
>        at java.security.AccessControlContext.checkPermission(Unknown 
> Source) 
>        at java.security.AccessController.checkPermission(Unknown Source) 
>        at java.lang.SecurityManager.checkPermission(Unknown Source) 
>        at 
> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) 
> 
>        at java.lang.ClassLoader.checkClassLoaderPermission(Unknown 
> Source) 
>        at java.lang.Class.getClassLoader(Unknown Source) 
>        ... 
> 
> The call to getClassLoader() happens from inside a 3rd party library if 
> that matters. 
> 
> When I run the identical code as a desktop application it works fine EVEN 
> WHEN I ADD MY OWN SECURITY MANAGER. 
> 
> 
> Thank you for any help, 
> 
> Neil 
> 
> 
> 
> 
> From:        Scott Palmer <swpal...@gmail.com> 
> To:        Kevin Rushforth <kevin.rushfo...@oracle.com>, 
> Cc:        "openjfx-dev@openjdk.java.net" <openjfx-dev@openjdk.java.net> 
> Date:        06/13/2014 08:19 PM 
> Subject:        Re: All-Permissions not working properly with       
> sun.plugin2.applet.FXAppletSecurityManager 
> Sent by:        "openjfx-dev" <openjfx-dev-boun...@openjdk.java.net> 
> 
> 
> 
> Thank you.
> 
> Is there a way that people that are not project authors can get 
> notifications of updates?  I can’t click to add myself to the watch list 
> or vote without a login, and it seems to be near impossible to get a 
> login.
> The "Account Help” link on the login page is broken and everything I’ve 
> found in the wiki indicates I need to be a project author to get an 
> account.
> 
> Scott
> 
> 
> On Jun 13, 2014, at 8:05 PM, Kevin Rushforth <kevin.rushfo...@oracle.com> 
> wrote:
> 
>> Hi Scott,
>> 
>> I created two new non-confidential bugs and closed the original ones as 
> duplicates. Here are the new bugs:
>> 
>> 
>> reflection in daemon thread: 
>> JDK-8046825 (was JDK-8040699) : All-Permissions not working properly 
> with sun.plugin2.applet.FXAppletSecurityManager
>> 
>> security manager and applet-desc webstart mode: 
>> JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not 
> set Security Manager to null.
>> 
>> I have copied Dmitry in case he has any information about these bugs.
>> 
>> -- Kevin
>> 
>> 
>> Kevin Rushforth wrote:
>>> 
>>> Dmitry can comment further, but it is possible that this issue could be 
> backported to 8u40 if done soon enough. 
>>> 
>>> I will double-check whether the bugs can be made non-confidential (so 
> you can at least track progress), but I suspect they cannot in their 
> current form, in which case new bugs should be filed with the confidential 
> information moved to confidential comments in the bug. I will help with 
> this. 
>>> 
>>> -- Kevin 
>>> 
>>> 
>>> Scott Palmer wrote: 
>>>> Drat... I was hoping to see something much sooner, like 8u20 
> (obviously too late now) or 8u40.  I'm unable to use Web Start deployment 
> because of this. 
>>>> 
>>>> Is it necessary for these issues to be blocked from anonymous viewing? 
> 
>>>> 
>>>> Thanks for the update. 
>>>> 
>>>> Scott 
>>>> 
>>>> 
>>>> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth <
> kevin.rushfo...@oracle.com <mailto:kevin.rushfo...@oracle.com>> wrote: 
>>>> 
>>>>    These are now assigned to Dmitry Cherapanov who I have copied here 
> 
>>>>    in case he isn't on the openjfx alias. They are both targeted to 
>>>>    JDK 9. 
>>>> 
>>>>    -- Kevin 
>>>> 
>>>> 
>>>>    Scott Palmer wrote: 
>>>> 
>>>>        I tried to send an email to Thomas asking about the status of 
>>>>        these issues 
>>>>        (they are not visible to me), but the email bounced (user 
>>>>        unknown).  Could 
>>>>        someone let me know the status? 
>>>> 
>>>>        Thanks, 
>>>> 
>>>>        Scott 
>>>> 
>>>> 
>>>>        On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng 
>>>>        <thomas.v...@oracle.com <mailto:thomas.v...@oracle.com>> 
> wrote: 
>>>> 
>>>> 
>>>>             Thanks for the report! 
>>>> 
>>>>            Two bugs created for this: 
>>>> 
>>>>            security manager and applet-desc webstart mode: 
>>>>            https://bugs.openjdk.java.net/browse/JDK-8040231 
>>>> 
>>>>            reflection in daemon thread: 
>>>>            https://bugs.openjdk.java.net/browse/JDK-8040699 
>>>> 
>>>>            -thomas 
>>>> 
>>>> 
>>>>              *From: *Scott Palmer <swpal...@gmail.com 
>>>>            <mailto:swpal...@gmail.com>> 
>>>>             *Subject: **All-Permissions not working properly with 
>>>>            sun.plugin2.applet.FXAppletSecurityManager* 
>>>>             *Date: *April 14, 2014 at 1:07:36 PM PDT 
>>>>             *To: *"openjfx-dev@openjdk.java.net 
>>>>            <mailto:openjfx-dev@openjdk.java.net>" 
>>>>            <openjfx-dev@openjdk.java.net 
>>>>            <mailto:openjfx-dev@openjdk.java.net>> 
>>>> 
>>>> 
>>>>            Can someone confirm that all-permissions is working for 
>>>>            JavaFX apps 
>>>>            that are launched via Web Start with Java 8.0 and use 
>>>>            daemon threads 
>>>>            in a Service? 
>>>> 
>>>>            I have a JNLP file that has: 
>>>>            <security> 
>>>>             <all-permissions/> 
>>>>            </security> 
>>>> 
>>>>            and the manifest of my app's jar has the following 
>>>>            instruction in my 
>>>>            Gradle script: 
>>>> 
>>>>            jar { 
>>>>               manifest { 
>>>>                   attributes('Permissions': 'all-permissions', 
>>>>                              'Codebase': '*') 
>>>>               } 
>>>>            } 
>>>> 
>>>>            I'm using the javafx gradle plugin and signing the jars... 
> 
>>>>            e.g. I see this for every dependency and the main jar: 
>>>>            ... 
>>>>            Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar 
>>>>            Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar 
> 
>>>>            ... 
>>>> 
>>>>            I even tried System.setSecurityManager(null); in my 
>>>>            start() method 
>>>>            (and it lets me do it). 
>>>> 
>>>>            However, daemon threads started by my Service are unable 
>>>>            to use 
>>>>            reflection. (It is working in the main FX application 
>>>>            thread.)  I see 
>>>>            the following stack trace in the Java console: 
>>>> 
>>>> 
>>>>            Caused by: java.security.AccessControlException: access 
> denied 
>>>>            ("java.lang.reflect.ReflectPermission" 
> "suppressAccessChecks") 
>>>>            at 
>>>>            java.security.AccessControlContext.checkPermission(Unknown 
> 
>>>>            Source) 
>>>>            at java.security.AccessController.checkPermission(Unknown 
>>>>            Source) 
>>>>            at java.lang.SecurityManager.checkPermission(Unknown 
> Source) 
>>>>            at 
>>>> 
> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown 
>>>>            Source) 
>>>>            at 
>>>>            java.lang.reflect.AccessibleObject.setAccessible(Unknown 
>>>>            Source) 
>>>> 
>>>> 
>>>>            Caused by: java.security.AccessControlException: access 
> denied 
>>>>            ("java.lang.RuntimePermission" "accessDeclaredMembers") 
>>>>            at 
>>>>            java.security.AccessControlContext.checkPermission(Unknown 
> 
>>>>            Source) 
>>>>            at java.security.AccessController.checkPermission(Unknown 
>>>>            Source) 
>>>>            at java.lang.SecurityManager.checkPermission(Unknown 
> Source) 
>>>>            at 
>>>> 
> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown 
>>>>            Source) 
>>>>            at java.lang.Class.checkMemberAccess(Unknown Source) 
>>>>            at java.lang.Class.getDeclaredMethod(Unknown Source) 
>>>>            at 
>>>> 
> ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
>  
> 
>>>>            at 
>>>> 
> ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
>  
> 
>>>>            at 
>>>> 
> ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
>  
> 
>>>>            ... 33 more 
>>>> 
>>>>            I bring it up here because FXAppletSecurityManager is 
>>>>            involved and 
>>>>            this smells like a possible bug in plugin2 
>>>> 
>>>>            Regards, 
>>>> 
>>>>            Scott 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
> 
> 
> 
> 
> 
> NOTICE from Ab Initio: This email (including any attachments) may contain 
> information that is subject to confidentiality obligations or is legally 
> privileged, and sender does not waive confidentiality or privilege. If 
> received in error, please notify the sender, delete this email, and make 
> no further use, disclosure, or distribution. 
> 
> 
> 
> NOTICE from Ab Initio: This email (including any attachments) may contain 
> information that is subject to confidentiality obligations or is legally 
> privileged, and sender does not waive confidentiality or privilege. If 
> received in error, please notify the sender, delete this email, and make 
> no further use, disclosure, or distribution. 

Reply via email to