we have custom components integrated in on client side of Captain Casa, so we have our build server handle the signing of the jar files along with the other client side jar files that are part of the Captain Casa delivery.
After switching from Java 6 to Java 7 on our jenkins build server, suddenly our application did not start any more. The error message looked like this (the class does not matter):
java.io.IOException: invalid SHA1 signature file digest for javax/servlet/ServletRequestWrapper.class
at com.sun.deploy.cache.CacheEntry$10.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
.....
We found out that the reason for this is that the default sigining algorithm was changed from SHA-1 to SHA-256 between Java 6 and Java 7. In some jars, the Manifest file contained two signatures, one for SHA1 and one for SHA256, like this:
The solution was to adjust our jar signer to explicitly use SHA1 as digest algorithm. Just add "-digestalg SHA1" to your signjar call (in ant it would be the digestalg property of the signjar task).