I have a signed Java applet, and the certificate just expired. I have a new certificate, but I'm not sure that I can find the original, unsigned applet jar file. Is there any way that I can take the signed jar and replace the old certificate with a new one? Thanks.
possible duplicate of [can we resign the already signed jars in java?](http://stackoverflow.com/questions/2162830/can-we-resign-the-already-signed-jars-in-java) – Andrew White Jun 03 '12 at 11:38
2 Answers
You can't wrap it.
However, you should be able to simply re-sign the JAR with a different certificate. Signing a JAR doesn't encrypt it in any way. It just adds stuff to the manifest section.
This is not a security issue. The re-signed certificate is different to the original one, the end-user has to accept it all over again. (I don't think you can avoid that ... because it would be a security issue!)
Anyway, the simple approach is to just try re-signing the signed applet JAR, and see whether it works, and how it behaves when you try to run it as a user.

Make sure to strip out the original signature information before signing with the new certificate. If a Jar is signed by more than one certificate, there will be problems at run-time. – Andrew Thompson Jun 03 '12 at 06:03
To solve a similar situation I deleted all signature files under `META-INF/*.SF` and `META-INF/*.RSA` and signed it again. `META-INF/MANIFEST.MF` now contains both the old (unused) lines with SHA-1 hash and the new SHA-256 ones; the remaining old ones don't seem to be a problem: `jarsigner -verify -verbose` reports everything's OK with the new signature.

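Added example, not part of either answer: a Python sketch of the strip-before-re-signing step described above. It goes slightly further than the second answer by also dropping the stale per-entry `*-Digest` lines from `META-INF/MANIFEST.MF`. The function names and the sample JAR are hypothetical, and the `.DSA`, `.EC` and `SIG-*` patterns are taken from the JAR specification rather than from this page.

```python
import io
import re
import zipfile

# Signature entries per the JAR specification (the answer names .SF and .RSA).
SIG_ENTRY = re.compile(r"META-INF/([^/]+\.(SF|RSA|DSA|EC)|SIG-[^/]*)", re.I)
DIGEST_ATTR = re.compile(r"[A-Za-z0-9_-]+-Digest(-[A-Za-z0-9_-]+)?:", re.I)

def strip_manifest_digests(manifest: str) -> str:
    """Drop per-entry *-Digest attributes left behind by the old signature."""
    sections = re.split(r"\n{2,}", manifest.replace("\r\n", "\n").strip())
    kept = [sections[0]]                  # main section is kept unchanged
    for section in sections[1:]:
        lines, skipping = [], False
        for line in section.split("\n"):
            if not line.startswith(" "):  # a new attribute, not a continuation
                skipping = DIGEST_ATTR.match(line) is not None
            if not skipping:
                lines.append(line)
        # keep the section only if something besides "Name:" survives
        if sum(not l.startswith(" ") for l in lines) > 1:
            kept.append("\n".join(lines))
    return "\n\n".join(kept) + "\n"

def strip_signatures(jar_bytes: bytes) -> bytes:
    """Return a copy of the JAR without signature files or stale digests."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if SIG_ENTRY.fullmatch(info.filename):
                continue                  # old .SF / signature block: drop it
            data = src.read(info)
            if info.filename.upper() == "META-INF/MANIFEST.MF":
                data = strip_manifest_digests(data.decode("utf-8")).encode("utf-8")
            dst.writestr(info, data)
    return out.getvalue()

def sample_signed_jar() -> bytes:
    """Constructed sample: a tiny 'signed' JAR with placeholder signature files."""
    manifest = ("Manifest-Version: 1.0\r\nCreated-By: example\r\n\r\n"
                "Name: Applet.class\r\nSHA1-Digest: AAAAAAAAAAAAAAAAAAAAAAAAAAA=\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/OLDKEY.SF", "Signature-Version: 1.0\r\n")
        jar.writestr("META-INF/OLDKEY.RSA", b"placeholder, not a real PKCS#7 block")
        jar.writestr("Applet.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

Write the returned bytes to a new `.jar`, sign that file with `jarsigner` and the new certificate, then confirm the result with `jarsigner -verify -verbose` as in the answer above.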