JDK-8184993 : Jar file verification failing with SecurityException: digest missing xxx
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 8u141
- Priority: P2
- Status: Resolved
- Resolution: Fixed
- Submitted: 2017-07-20
- Updated: 2018-02-08
- Resolved: 2017-07-22
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 | JDK 7 | JDK 8 | Other |
|---|---|---|---|
| 6u161Fixed | 7u151Fixed | 8u144Fixed  |
openjdk7uFixed |
Related Reports
|
Relates :
|
Sub Tasks
|
JDK-8185136 :
|
Description
Behavioural change in 8u141 is causing some jar files to fail verification. Example stacktrace : com.sun.deploy.net.JARSigningException: Could not verify signing in resource: (http://localhost:8080/webstart/lib/l2fprod-0.0.1.jar, 55873) at com.sun.deploy.security.JarVerifier.authenticateJarEntry(Unknown Source) at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source) at com.sun.deploy.cache.CacheEntry.processJar(Unknown Source) at com.sun.deploy.cache.CacheEntry.access$2700(Unknown Source) at com.sun.deploy.cache.CacheEntry$7.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source) at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source) at com.sun.deploy.cache.Cache.downloadResourceToTempFile(Unknown Source) ... ================================ WrappedException: ================================ java.lang.SecurityException: digest missing for com/l2fprod/common at sun.security.util.ManifestEntryVerifier.verify(Unknown Source) at java.util.jar.JarVerifier.processEntry(Unknown Source) at java.util.jar.JarVerifier.update(Unknown Source) at java.util.jar.JarVerifier$VerifierStream.<init>(Unknown Source) at java.util.jar.JarFile.getInputStream(Unknown Source) at com.sun.deploy.security.JarVerifier.authenticateJarEntry(Unknown Source) at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source) at com.sun.deploy.cache.CacheEntry.processJar(Unknown Source) at com.sun.deploy.cache.CacheEntry.access$2700(Unknown Source) at com.sun.deploy.cache.CacheEntry$7.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source) at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source) at com.sun.deploy.cache.Cache.downloadResourceToTempFile(Unknown Source) ...