Public: Technology Reviews : Webstart Finding mismatched signatures
This page last changed on Nov 04, 2009 by scytacki.

Here is an example of how to track down jars signed by different certificates

wget http://jnlp.concord.org/dev/org/concord/jnlp2shell/jnlp2shell-1.0-SNAPSHOT.jar
java -jar jnlp2shell-1.0-SNAPSHOT.jar http://jnlp.concord.org/dev/org/concord/maven-jnlp/all-otrunk-snapshot/all-otrunk-snapshot-0.1.0-20090428.164547.jnlp .
cd http
find . -name "*.jar" -exec mkdir "{}.d" ";"
find . -name "*.jar" -exec unzip -d "{}.d" "{}" META-INF/CONCORD.RSA ";"
find . -name CONCORD.RSA -exec cmp -n 3373 jnlp.concord.org/80/dev/velocity/velocity-dep/velocity-dep-1.4.jar.d/META-INF/CONCORD.RSA "{}" ";"

Then look for differences

fixing this my making a new version of the file:
copy the old file
change the signature
update all the jnlps which point to this:

sudo /usr/java/jdk1.5.0_15/bin/jarsigner -keystore /home/maven/cc-keystore-2006 sensor-vernier__V0.1.0-20090502.033056-176.jar concord
sudo grep -l -R "0.1.0-20090502.033056-175" . | sudo xargs -n 1 sed -i 's/0.1.0-20090502.033056-175/0.1.0-20090502.033056-176/g'
Document generated by Confluence on Jan 27, 2014 16:56