The applet is giving the following error when it downloads one of these jars:
java.lang.SecurityException: invalid SHA1 signature file digest for org/apache/log4j/net/DefaultEvaluator.class
at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
at sun.security.util.SignatureFileVerifier.process(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarFile.initializeVerifier(Unknown Source)
I'm not exactly sure what pieces are required to make this happen. We have some jar files that are signed with our "production" certificate. In the development environment they are then also signed at build time with a test certificate. The ones signed using Java 6 work fine in this manner. Those signed with Java 7 give the error specified above. Three files are different between two jars signed in this way:
CODESIGN.DSA, CODESIGN.SF and MANIFEST.MF.
The most obvious difference is that the jar signed with Java 7 has SHA-256-Digest entries in addition to the SHA1 entries.
I can provide these jar files to someone to look at but would prefer not to upload.