jar-signing

I'm using maven-jarsigner-plugin to sign a shaded uber-jar of mine. I do need to distribute some dependencies in their own jars though, and want to take those jars from a Maven repo, clear them of any existing signatures, and sign them with my own certificate. Are there any Maven plugins that do this, or would i involve some Ant plugin hackery? Turns out maven-jarsigner-plugin can re -sign existing jars using it's removeExistingSignatures config element. So simple! I use maven-dependency-plugin to copy artifacts into a .war project in the generate-resources phase, then sign them in the process

Java jars can be signed with the JDK jarsigner tool. This, in conjuction with the policytool, appears to only allow you to add privileges to the jar when it is run. I would like a default "Revoke access to run." Is it possible to make java do white-listing in such a way that only jar files that have been signed by a certain set of certificates are allowed to run at all? h22 As I understand, this is on your computer you can control. Use java -Djava.security.manager YourApplication when starting the application. This installs the default security manager that can be configured through policy

In NetBeans I created an Exporter class that exports some data to an EXCEL file using APACHE POI, which uses XMLBeans. I added the APACHE POI 3.10.1 libraries by downloading the zip binaries and adding the jars manually. When I use this class inside the same project, everything runs correctly. Then I added this class to another project, via right click Libraries -> Add Project. But when I tried running this I got the following error while compiling. Signing JAR: C:\Users\c\p\dist\lib\xmlbeans-2.6.0.jar to C:\Users\c\p\dist\lib\xmlbeans-2.6.0.jar as nb-jfx jarsigner: unable to sign jar: java

Hi I am new with java modules so this might be a dumb question. I was trying to sign my jar file with keystore and got the following error. user@Ubuntu:libs(master)$ jarsigner -keystore keyStoreFileName Test.jar alias Enter Passphrase for keystore: jarsigner: unable to sign jar: java.util.zip.ZipException: duplicate entry: module-info.class I couldn't find any documentation of how to avoid this. So I did jar -tf to check the content of the jar and yes, it does have multiple module-info.class files Is there any option to combine them? and how? my module-info.java contains the following. module

I have an app on Google Play for years that has seen countless updates. The latest update (the first one in a while) fails to install for some people, they simply get the "Package not signed correctly" error message. It works for my Android devices I have at home. I'm building and signing with a custom build system that basically boils down to calling ant release , followed by jarsigner -verbose -keystore $(keystore) -storepass $(storepass) $(appname).apk $(alias) zipalign -v 4 $(appname).apk $(finalname).apk That has worked for years, there were no changes to the build system or keystore, I