Invalid signature file when attempting to run a .jar
The solution listed here might provide a pointer.
Invalid signature file digest for Manifest main attributes
Bottom line :
It's probably best to keep the official jar as
is and just add it as a dependency in the manifest file for your
application jar file.
Invalid signature file digest for Manifest main attributes exception while trying to run jar file
Some of your dependency JARs is a signed JAR, so when you combine then all in one JAR and run that JAR then signature of the signed JAR doesn't match up and hence you get the security exception about signature mis-match.
To fix this you need to first identify which all dependency JARs are signed JARs and then exclude them. Depending upon whether you are using MAVEN or ANT, you have to take appropriate solution. Below are but you can read more here, here and here.
Maven:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.6</version>
<executions>
<execution>
<id>unpack-dependencies</id>
<phase>package</phase>
<goals>
<goal>unpack-dependencies</goal>
</goals>
<configuration>
<excludeScope>system</excludeScope>
<excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
<excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds>
<outputDirectory>${project.build.directory}/classes</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
ANT:
<jar destfile="app.jar" basedir="${classes.dir}">
<zipfileset excludes="META-INF/**/*" src="${lib.dir}/bcprov-jdk16-145.jar"></zipfileset>
<manifest>
<attribute name="Main-Class" value="app.Main"/>
</manifest>
</jar>
Update based on OP's comment:
"sqljdbc4.jar" was the signed JAR in OP's external libraries. So, following above approach to systematically exclude the signature related files like .SF, .RSA or .DES or other algorithms files is the right way to move forward.
If these signature files are not excluded then security exception will occur because of signature mismatch.
How to know if a JAR is signed or not?: If a JAR contains files like files like .SF, .RSA or .DES or other algorithms files, then it is a signed JAR. Or run jarsigner -verify jarname.jar
and see if it outputs "verified"
IntelliJ Jar Error : Invalid signature file digest for Manifest main attributes
Thanks for @y.bedrov who linked to this issue that helped my solving the error, where it includes the following:
"sqljdbc4.jar" was the signed JAR in OP's external libraries. So,
following above approach to systematically exclude the signature
related files like .SF, .RSA or .DES or other algorithms files is the
right way to move forward.
And yes I'm also using "sqljdbc4.jar", so after reading the answer i decided to solve the problem by deleting the signature files from my Meta-inf folder inside my jar file.
Invalid signature file digest for Manifest main attributes for external jar files In android project
Problem fixed when I used unsigned jar.
LeanFT TestExportTool - Invalid signature file digest for Manifest main attributes
Unsign the jar. Here's how I did that
- Make a backup of the jar
- If you have 7zip (or similar), you can open the
.jar
as an archive - Navigate to
META-INF
folder - Delete the signature files (e.g.
.SF
and.DSA
files)
But there are other variances of this:
- How do I unsign a jar?
- Un signing a signed jar
- Removing Jar Signatures in Gradle Build
Error in executing the generated jar file
This is likely the result of bundling third party library jars that have been signed to prevent tampering. Your bundling is likely including signature files from these jars in your 'fat' jars manifest. You can explicitly exclude signature files using a directive like:
exclude 'META-INF/*.RSA', 'META-INF/*.SF','META-INF/*.DSA'
related question: "Invalid signature file" when attempting to run a .jar
Related Topics
Get Os-Level System Information
Get Generic Type of Java.Util.List
How to Implement a Single Instance Java Application
How Does the "Final" Keyword in Java Work (I Can Still Modify an Object.)
To Prevent a Memory Leak, the Jdbc Driver Has Been Forcibly Unregistered
Difference Between Javac and the Eclipse Compiler
How to Calculate Someone'S Age in Java
How to Set or Change the Default Java (Jdk) Version on Macos
Byte Order Mark Screws Up File Reading in Java
How to Secure an API Rest For Mobile App (If Sniffing Requests Gives You the "Key")
Jcomponents Not Showing Up With Picture Background
How Does a Java Hashmap Handle Different Objects With the Same Hash Code
Including Dependencies in a Jar With Maven