paho.mqtt.java
paho.mqtt.java copied to clipboard
eclipse
SecurityException: SHA-256 digest error
Please fill out the form below before submitting, thank you!
- [x] Bug exists Release Version 1.1.1 ( Master Branch)
- [ ] Bug exists in Snapshot Version 1.1.2-SNAPSHOT (Develop Branch)
I'm trying to make Android app and I must use shrinker to remove unused emthods. It's processing the jar files and when it hits Paho, it crashes:
java.lang.SecurityException: SHA-256 digest error for org/eclipse/paho/client/mqttv3/internal/ClientState.class
Looking at the source code, it's using JarFile.getInputStream() which is probably what causes the excpetion. Because all other libraries I'm using works just fine, I suspect there is something wrong with signatures in Paho's jar.
I'm experiencing the same issue but for me it's when I include MqttConnectOptions. Anyone know of a fix?
I was experiencing this on android
java.lang.SecurityException: SHA-256 digest error for org/eclipse/paho/client/mqttv3/MqttConnectOptions.class
because of :app:transformClassesWithInstantRunForDebug
I disabled instant run and the issue was fixed
Any fix found for this? I would like to use Instant Run but the MQTT library is preventing me from doing so.
Disabling "instant run" isn't really the solution. Will there be an update soon?
Interesting, If I run the latest 1.2.0 Jar through Jarsigner, It's verified correctly:
Command: jarsigner -verify -verbose -certs org.eclipse.paho.client.mqttv3-1.2.0.jar
sm 7548 Mon Aug 14 08:37:32 BST 2017 org/eclipse/paho/client/mqttv3/MqttConnectOptions.class
[entry was signed on 14/08/17 13:37]
X.509, CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA
[certificate is valid from 04/03/15 00:00 to 08/03/18 12:00]
X.509, CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
[certificate is valid from 22/10/13 13:00 to 22/10/28 13:00]
X.509, CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
[certificate is valid from 10/11/06 00:00 to 10/11/31 00:00]
The sm means that the signature was verified and that the entry is listed in manifest. The MqttConnectOptions class isn't too complicated either so I'm unsure as to why that one is being singled out. Do you have any further information that would help us debug this?
For us the problem is as well: java.lang.SecurityException: SHA-256 digest error for org/eclipse/paho/client/mqttv3/internal/ClientState.class . Is there any fix for this issue? We use the client version 1.2.0. With what Java version do you build and sign the jar? I think that Java 7 introduced a new algorithm for jar signing.
What helps me is to change the Gradle Aware Make before launch step. Click on the edit icon and enter a Gradle task to execute, usually assembleDebug or something similar. I can not find anything any info on why this is working.
It seems there is a similar issue with other libraries, such as this:
https://issuetracker.google.com/issues/115556774 https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/354
open file org.eclipse.paho.client.mqttv3-.jar white 7z
then cd \META-INF
delete .SF,.DSA,.RSA
it works !
is it did not do config like this?
<configuration> <filters> <filter> <artifact>*:*</artifact> <excludes> <exclude>META-INF/*.SF</exclude> <exclude>META-INF/*.DSA</exclude> <exclude>META-INF/*.RSA</exclude> </excludes> </filter> </filters> </configuration>
