Java 1.8 jnlp on OS X

[Michael Hall]

On Sep 29, 2014, at 10:56 AM, David DeHaven <david.dehaven at oracle.com> wrote:

> Java's code signer specifically needs a Java code signing cert. You can make one yourself for testing using "keytool",

Testing would be good enough to continue development support for JWS deployment for anyone on older releases that still allow it with self-signed.

I did find….
jarsigner -certchain ?
https://community.oracle.com/thread/3559250

Which almost seemed like it would be possible with a pieced together Mac Developer ID certificate setup.
Exporting one from keychain to p12 and turning it into a keystore seemed to get a single private key entry. From what I saw this keystore should also have a public key certificate as well, that I wasn’t sure yet how’d you’d get yet when I decided to drop this. But putting the key store together manually by code with Apple certs if you could figure the public key one out might just be possible. 
I did see some code where you took the Apple root + intermediate + Developer ID certificates to p12 format and then somehow used that to sign an app. It then suggested that you could use codesign to verify it worked. This seems odd since my understanding is you can just use codesign as-is to sign an app - which will probably be my main OS X deployment option for Java 8+ from now on. 
Finally though, my main interest in JWS was for cross-platform and of course this wouldn’t be. I decided I could come up with some other way to support old jws. Point to an old JDK 7 version of the javaws command or something.  Your suggestion would probably be better for this - thanks.


Michael Hall

trz nio.2 for OS X http://www195.pair.com/mik3hall/index.html#trz

HalfPipe Java 6/7 shell app http://www195.pair.com/mik3hall/index.html#halfpipe

AppConverter convert Apple jvm to openjdk apps http://www195.pair.com/mik3hall/index.html#appconverter