20140708 (Tuesday, 08 July 2014)

Some more packaging problems. After converting the packaging process for eidreader from make to fabric, there are some problems because I did not make a dumb 1:1 conversion. For example I had removed the -tsa option for my self-signed jars. Now I got the following message:

No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate’s expiration date (2014-08-25) or after any future revocation date.

The -tsa option, as explained in Signing JAR Files, “generates a time stamp for the signature using the Time Stamping Authority (TSA) identified by the URL.”

The Wikipedia article about Trusted timestamping explains some generally interesting things.

If I understand well, anyone can ask Globalsign’s TSA to act as TSA, even for self-signed jars, simply by adding:

-tsa http://timestamp.globalsign.com/scripts/timestamp.dll

The main problem was that the clients reported ClassNotFound errors for EIDReader$1.class:

Exception in thread "EIDReader applet" java.lang.RuntimeException: java.lang.NoClassDefFoundError: src/eidreader/EIDReader$1
java.lang.NoClassDefFoundError: src/eidreader/EIDReader$1

The EIDReader.java file produces several .class files: the usual EIDReader.class, three files (EstEIDUtil.class, PersonalFile.class and BelgianReader.class), one for each additional class defined in the source file, and then two additional files, EIDReader$1.class and EIDReader$2.class. Where do these come from? These are anonymous inner classes (as explained for example here).

After all this I still had to learn that the $ sign in the class name can cause problems: Inner classes not being included in jar file.
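One way the $ sign can drop inner classes from a jar, as an added example (not code from the eidreader fabfile): it assumes the jar command line goes through a shell, as fabric's local() does, so an unquoted $1 expands to an empty string. The helper names are hypothetical, the class files are constructed empty placeholders, and zipfile stands in for `jar cf`.

```python
import os
import shlex
import subprocess
import tempfile
import zipfile

# Constructed sample: the class files javac emits for EIDReader.java per the text.
CLASSES = ["EIDReader.class", "EIDReader$1.class", "EIDReader$2.class",
           "EstEIDUtil.class", "PersonalFile.class", "BelgianReader.class"]


def shell_expand(names, quote):
    """Return the file arguments as a program would receive them from sh."""
    args = " ".join(shlex.quote(n) if quote else n for n in names)
    out = subprocess.run("printf '%s\\n' " + args, shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def build_jar(build_dir, jar_path, names, quote):
    """Stand-in for `jar cf`: archive whatever names survive the shell."""
    with zipfile.ZipFile(jar_path, "w") as jar:
        for name in sorted(set(shell_expand(names, quote))):
            jar.write(os.path.join(build_dir, name), name)


def missing_classes(build_dir, jar_path):
    """List compiled .class files that did not make it into the jar."""
    with zipfile.ZipFile(jar_path) as jar:
        packed = set(jar.namelist())
    return sorted(f for f in os.listdir(build_dir)
                  if f.endswith(".class") and f not in packed)


def demo(quote):
    with tempfile.TemporaryDirectory() as tmp:
        build = os.path.join(tmp, "build")
        os.mkdir(build)
        for name in CLASSES:
            open(os.path.join(build, name), "wb").close()
        jar_path = os.path.join(tmp, "EIDReader.jar")
        build_jar(build, jar_path, CLASSES, quote)
        return missing_classes(build, jar_path)


if __name__ == "__main__":
    print("unquoted:", demo(quote=False))
    print("quoted:  ", demo(quote=True))
```

Running missing_classes() against the real build directory and the signed jar before deployment catches the omission without waiting for a client-side NoClassDefFoundError.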

I also observed the following things, which do not seem to disturb anything:

  • A mysterious message in the IcedTea console is:

    Error on Java side: Codebase matches codebase manifest attribute, and application is signed. Continuing. See: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html for details.

  • When card data is being read, the console mentions several java.lang.ClassNotFoundException:

    be.fedict.eid.applet.service.spi.AddressDTO
    be.fedict.eid.applet.service.spi.IdentityDTO
    org.apache.log4j.Category