I’m asking if it is somehow possible to use multiple signatures for code signing of Java applications.

Usually, as I understand it, for signing JARs I need to have a valid and not expired certificate.

When I start an application (JNLP with OpenWebStart) the signature is checked:

  • The certificate is valid and not expired (if I have a signed time stamp, the certificate only has to be not expired at the time of signing)
  • All JARs within the application have to be signed with the same certificate (no mixture of valid certificates is allowed).

The problem with this approach is that all JARs have to be updated at the same time, every time (if the certificate is changing). (This comes up especially if the application includes JARs from different teams and vendors.)

Is there a way to support multiple JARs being signed with different, yet valid certificates?

Time:   Time-1  Time-2      Time-3      Time-3      Time-4
Jar-A   Sig1    Sig1        Sig1        Sig2        Sig2
Jar-B   Sig1    Sig1        Sig1+Sig2   Sig1+Sig2   Sig2
Jar-C   Sig1    Sig1+Sig2   Sig2        Sig2        Sig2
Jar-D   Sig1    Sig1        Sig1+Sig2   Sig1+Sig2   Sig2

I've not found a way to set multiple certificates when signing.
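
An added example, not part of the original question and not OpenWebStart code: a JAR can carry more than one signature, each stored as its own `META-INF/<NAME>.SF` file plus a signature block file (`.RSA`, `.DSA` or `.EC`). The sketch below lists those signer names per JAR and intersects them for every column of the table above. It assumes, as the question describes, that the launcher needs one signer common to all JARs; the JARs are constructed in memory with placeholder entries and the names `SIG1`/`SIG2` are hypothetical.

```python
import io
import zipfile
from pathlib import PurePosixPath

BLOCK_EXTS = {".RSA", ".DSA", ".EC"}  # signature block file extensions

def signer_names(jar_bytes):
    """Base names in META-INF that have both a .SF file and a block file."""
    sf, blocks = set(), set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            p = PurePosixPath(name.upper())
            if len(p.parts) != 2 or p.parts[0] != "META-INF":
                continue  # only direct children of META-INF count
            if p.suffix == ".SF":
                sf.add(p.stem)
            elif p.suffix in BLOCK_EXTS:
                blocks.add(p.stem)
    return sf & blocks

def common_signers(jars):
    """Signer names present in every JAR; an empty set means no shared signer."""
    sets = [signer_names(data) for data in jars.values()]
    return set.intersection(*sets) if sets else set()

def fake_jar(*signers):
    """Constructed sample JAR: placeholder files only, no real signatures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for s in signers:
            jar.writestr(f"META-INF/{s}.SF", "placeholder")
            jar.writestr(f"META-INF/{s}.RSA", "placeholder")
    return buf.getvalue()

# Rows of the table in the question; "12" stands for Sig1+Sig2.
ROWS = {
    "Jar-A": ["1", "1", "1", "2", "2"],
    "Jar-B": ["1", "1", "12", "12", "2"],
    "Jar-C": ["1", "12", "2", "2", "2"],
    "Jar-D": ["1", "1", "12", "12", "2"],
}

def audit_table():
    """For each column, return the sorted signer names shared by all JARs."""
    result = []
    for col in range(5):
        jars = {n: fake_jar(*(f"SIG{d}" for d in cells[col])) for n, cells in ROWS.items()}
        result.append(sorted(common_signers(jars)))
    return result

if __name__ == "__main__":
    print(audit_table())
```

This only compares file names inside `META-INF`; it does not validate any signature or certificate chain, which is what `jarsigner -verify -verbose -certs` is for. In the first Time-3 column the intersection is empty, because Jar-A carries only Sig1 while Jar-C carries only Sig2.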
