Oxygen XML Forum

I am following the steps to create the JWS installer:

http://www.oxygenxml.com/doc/ug-editor/ ... aller.html

Previous to this, I created an ssl certificate for the domain docs.rackspace.com, copied the public key to rackspaceCert.crt and using keytool added an alias and password. I also imported the rackspaceCert.crt certificate to my jdk's cacerts file.

When I run the ant build on step 6 of the JWS Deployment Procedure, I get the error:

M92702Y642:jwsPackager thu4404$ ant
Buildfile: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/build.xml

clean:
[delete] Deleting directory /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/dist/InstData

compile:

mainJar:

copy:
[mkdir] Created dir: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/dist/InstData/oxygenJWS
[copy] Copying 5 files to /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/dist/InstData/oxygenJWS

copyJars:
[copy] Copying 3 files to /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/dist/InstData/oxygenJWS/lib
[jar] Building jar: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/dist/InstData/oxygenJWS/lib/log4j.properties.jar

pack:

putJnlpInMainJar:
[mkdir] Created dir: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/JNLP-INF
[copy] Copying 1 file to /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/JNLP-INF
[jar] Building jar: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/temp.jar
[zip] Warning: JNLP-INF/APPLICATION.JNLP modified in the future.
[zip] Updating zip: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/dist/InstData/oxygenJWS/lib/deployer.jar
[delete] Deleting: /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/temp.jar
[delete] Deleting directory /Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/JNLP-INF

sign:
[echo] Signing all jars.
[echo] Signing slice 1
[apply] jarsigner error: java.lang.RuntimeException: keystore load: toDerInputStream rejects tag type 45

BUILD FAILED
/Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/build.xml:75: apply returned: 1

Total time: 44 seconds

Line 75 in build.xml is:

<apply executable="jarsigner" parallel="false" verbose="true" failonerror="true">


Any help would be appreciated.

Hi,

From what we've tested the Java jarsigner utility should handle well two types of certificates: PKCS12 and JKS.

There seem to be a number of posts on the web about this particular problem like:

http://www.advogato.org/person/johnnyb/ ... ?start=143

So you can try to convert your certificate to PKCS12 or if your certificate is JKS you need to directly modify the build.xml and change the value given to the -storetype parameter.

Unfortunately I cannot find exact information on the web about all the allowed "storetype" values which can be given to the jarsigner, but it's clear that in your case it tries to interpret the certificate as PKCS12 but the certificate has another type.

Regards,
Radu

Thanks for the quick reply. I managed to create a valid keystore, and I can manually sign random .jar's using the jarsigner command, for example:

jarsigner -keystore keystore.ImportKey -signedjar test.Signed.jar test.jar docs

results in the signed .jar file: test.Signed.jar, and running:

jarsigner -verify test.Signed.jar

results in:

jar verified.

However, when I point to the same keystore in my packager.properties via the keystore variable and run the command: ant, I get the error:

...

sign:
[echo] Signing all jars.
[echo] Signing slice 1
[echo] keystore=../../../keystore.ImportKey
[echo] storepass=password
[echo] alias=docs
[apply] jarsigner error: java.lang.RuntimeException: keystore load: DerInputStream.getLength(): lengthTag=109, too big.

BUILD FAILED
/Users/thu4404/Downloads/oXygen/FromoXygen/oxygen/tools/jwsPackager/build.xml:75: apply returned: 1

Total time: 25 seconds

Once again, line 75 in build.xml is:

<apply executable="jarsigner" parallel="false" verbose="true" failonerror="true">

Thanks again for your help.

Hi,

I finally was able to sign all the .jar's. I had to remove lines 76 and 77 in the build.xml:

<arg value="-storetype"/>
<arg value="PKCS12"/>

I assume this means that my keystore is not in the PKCS12 format? Since I am still able to sign the .jar's should I be concern that my keystore uses some other storetype?

I assume that so long as users have my public key everything should work. Thanks again for your time.

Hi,

I assume this means that my keystore is not in the PKCS12 format?

Yes, probably it has another format and the jarsigner probably performed some kind of auto-detection on it. I'll study the situation and see if we can remove the -storetype parameters completely from our JWS build files.

Since I am still able to sign the .jar's should I be concern that my keystore uses some other storetype?

No, you should not.

Regards,
Radu