
java.lang.SecurityException at unsigned jars


I'm facing a SecurityException at runtime:

java.lang.SecurityException: class "util.OpenNItoDTW"'s signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)

where util.OpenNItoDTW is my own class, which uses a 3rd-party jar.

According to this, the jars have to be signed using the same certificate.

But neither of the jars is signed; I checked using the JDK's jarsigner -verify.

What exactly is causing this problem?


Solution

  • You are probably using a package name that's already used by someone else. If they have signed their work and yours is unsigned, then you'll get that error. The purpose of the error is to protect signed content from being added to by others without consent of the original signer.

    Signing something is like saying "This code is from me, and you can trust me". If anyone could add new classes to your package, that would mean your stuff could no longer be trusted, so this case is prevented.

    Think of a package name like a trademark. Often they start with the reverse order of a company's web site. For example, org.apache.commons.codec starts with org.apache, indicating it's from the same group that runs apache.org. You should try to ensure your package names are unique so you are not inadvertently representing your code as if it's from another organization.
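The practical way to confirm the answer's hypothesis is to look at every jar on the runtime classpath (not just the two you wrote or bundled) and ask, per package, which jars contribute classes and what signer each of those classes carries. The checker below is an added example, not code from the original post or from any project it mentions; it reads each `.class` entry to completion so that `JarEntry.getCertificates()` is populated, then groups the results by package and flags any package whose classes come from more than one signer set, which is precisely the condition that makes `ClassLoader.checkCerts` throw the exception in the question. The class name `SignerCheck` and the output format are my own choices.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Added diagnostic (not from the original post): for every package found in
 * the given jars, reports which jars contribute classes to it and which
 * signer certificates those classes carry. A package with more than one
 * distinct signer set (e.g. "unsigned" from one jar and a CN=... subject from
 * another) is the situation that triggers
 * "signer information does not match signer information of other classes in
 * the same package".
 */
public class SignerCheck {

    /** package name -> (jar path -> set of signer descriptions seen in that jar) */
    public static Map<String, Map<String, Set<String>>> scan(List<String> jarPaths) throws Exception {
        Map<String, Map<String, Set<String>>> byPackage = new TreeMap<>();
        byte[] buf = new byte[8192];
        for (String path : jarPaths) {
            // verify=true: signature blocks are checked while entries are read
            try (JarFile jar = new JarFile(path, true)) {
                Enumeration<JarEntry> entries = jar.entries();
                while (entries.hasMoreElements()) {
                    JarEntry e = entries.nextElement();
                    String name = e.getName();
                    if (e.isDirectory() || !name.endsWith(".class")) {
                        continue;
                    }
                    // getCertificates() only returns data once the entry has been read fully.
                    try (InputStream in = jar.getInputStream(e)) {
                        while (in.read(buf) != -1) {
                            // drain
                        }
                    }
                    int slash = name.lastIndexOf('/');
                    String pkg = slash < 0 ? "(default package)" : name.substring(0, slash).replace('/', '.');
                    byPackage.computeIfAbsent(pkg, k -> new TreeMap<>())
                             .computeIfAbsent(path, k -> new TreeSet<>())
                             .add(describe(e.getCertificates()));
                }
            }
        }
        return byPackage;
    }

    /** Stable, human-readable description of an entry's signer chain, or "unsigned". */
    static String describe(Certificate[] certs) {
        if (certs == null || certs.length == 0) {
            return "unsigned";
        }
        List<String> names = new ArrayList<>();
        for (Certificate c : certs) {
            names.add(c instanceof X509Certificate
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : c.getType());
        }
        Collections.sort(names);
        return String.join(";", names);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            System.err.println("usage: java SignerCheck one.jar two.jar ...");
            System.exit(2);
        }
        Map<String, Map<String, Set<String>>> result = scan(Arrays.asList(args));
        for (Map.Entry<String, Map<String, Set<String>>> p : result.entrySet()) {
            Set<String> distinct = new HashSet<>();
            for (Set<String> s : p.getValue().values()) {
                distinct.addAll(s);
            }
            System.out.println(p.getKey() + (distinct.size() > 1 ? "   <-- SIGNER MISMATCH" : ""));
            for (Map.Entry<String, Set<String>> j : p.getValue().entrySet()) {
                System.out.println("    " + j.getKey() + " : " + j.getValue());
            }
        }
    }
}
```

Run it with every jar the application actually loads (the classpath, anything a launcher or container adds, and the third-party jar's own dependencies). `jarsigner -verify` on the two jars you know about only tells you those two are unsigned; the mismatch is raised against whatever other jar already put a class into the same package, and this scan makes that jar visible.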