Transformed WAR with signed jars won't deploy.
tech-consortium opened this issue · comments
When we transform a war that contains jars signed using jarsigner, we get a java.lang.SecurityException: Invalid signature file digest for Manifest main attributes.
When an artifact is mutated by the transformer, any signatures in the artifact may become invalidated. So the transformed artifact would need to be resigned by the proper signing authority.
The only thing transformer could do would be to strip out all signatures if the artifact is mutated. There is no way for transformer to resign the mutated artifact.
When an artifact is mutated by the transformer, any signatures in the artifact may become invalidated. So the transformed artifact would need to be resigned by the proper signing authority.
The only thing transformer could do would be to strip out all signatures if the artifact is mutated. There is no way for transformer to resign the mutated artifact.
How to configure last behavior? Thanks
How to configure last behavior?
Transformer does not have these capabilities. They would need to be added.