Failure to wrap unsigned .apk file due to no response from Timestamping Authority

Document ID : KB000004624
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When trying to upload the unsigned .apk file via the CA MAA Administration Console, we received the following error:

Upload APK screen capture.jpg

The ca-logstore.log shows the following error stack trace:

[NoticeCodeJsonResponseProvider,catalina-exec-2] ERROR  - TID[0|1|1|<server-name:port>] 203051141: Failed to wrap apk for app id banking belonging to tenant DEFAULTORG.
com.ca.emm.corejsvr.ExceptionWithNC: Failed to wrap apk for app id banking belonging to tenant DEFAULTORG.

.

.

Caused by: com.ca.emm.corejsvr.ExceptionWithNC: Error cause: java.lang.Exception: Exiting, Signing APK failed!
    ... 44 more
[ErrorConverter,catalina-exec-2] TRACE  - TID[0|1|1|<server-name>] .ErrorConverter.convertExWithNCToPojo - Entry
[ErrorConverter,catalina-exec-2] TRACE  - TID[0|1|1|<server-name:port>] .ErrorConverter.convertExWithNCToPojo - Entry
[ErrorConverter,catalina-exec-2] INFO   - TID[0|1|1|<server-name:port>] Error in request handling with declared cause 'com.ca.emm.corejsvr.ExceptionWithNC: Error cause: java.lang.Exception: Exiting, Signing APK failed!'
[ErrorConverter,catalina-exec-2] WARN   - TID[0|1|1|<server-name:port> 203051141: Failed to wrap apk for app id banking belonging to tenant DEFAULTORG.
[ErrorConverter,catalina-exec-2] WARN   - TID[0|1|1|<server-name:port>] 203051159: Error cause: java.lang.Exception: Exiting, Signing APK failed!

 

When trying to wrap using the Wrapper Utility command, for example:

./wrap.sh -d -a <path_to_apk_file> -p <path_to_plist_file> -r -v

it also failed with the following error:

DEBUG: Current  dir using System:/Apps/CA/MAA15.4/mdosdks/android
jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall an HTTP or HTTPS proxy may need to be specified. Supply the following options to jarsigner:
  -J-Dhttp.proxyHost=<hostname>
  -J-Dhttp.proxyPort=<portnumber>
or
  -J-Dhttps.proxyHost=<hostname>
  -J-Dhttps.proxyPort=<portnumber>
ERROR: jar signing failed...
ERROR: Exiting, Signing APK failed!
Exception: Exiting, Signing APK failed!
java.lang.Exception: Exiting, Signing APK failed!
        at com.ca.android.wrapper.Wrapper.startWrapping(Wrapper.java:197)
        at com.ca.android.wrapper.Wrapper.doWrap(Wrapper.java:78)
        at com.ca.android.wrapper.Wrapper.doWrap(Wrapper.java:44)
        at com.ca.android.wrapper.CAAPKWrapper.runWrapper(CAAPKWrapper.java:175)
        at com.ca.android.wrapper.CAAPKWrapper.main(CAAPKWrapper.java:166)

Environment:
CA App Experience Analytics 15.4
Cause:

The error message from the wrapper command indicates that the server you were running the wrapping from was not able to connect to the Timestamp Authority site at http://timestamp.digicert.com/.You can quickly verify the same by accessing this site via your browser on the same machine.

 

Resolution:

There are 2 options you can define to skip using the Time Stamping Authority to sign the jar, as this is often not necessary given the wrapped APK in this step is signed with the packaged self-signed certificate:

 

1) To disable the Time Stamping Authority when wrapping using the Administration Console, you can set the value of the following properties in the $CA_EMM_HOME/conf/mdo-server_instance.properties file to false:

jarsigner.tsa.enable=false

 

2) To disable the Time Stamping Authority when wrapping using the Wrapper Utility, you can use the -t option in the command. For example:

./wrap.sh -d -a <path_to_apk_file> -p <path_to_plist_file> -r -v -t

-t   Do not use Time Stamping Authority to sign the jar.

 

Note:

For more information on the command and options available, see Wrapper Utility.

Additional Information:

See Step 2 - Wrap the App for more information.