Name: pa48320 Date: 01/24/2001
Using a self-signed RSA certificate and signed jar in the 1.3.0_01 plug-in results in the certificate not being found. The reason appears to be that the plug-in is not asking the browser to verify the certificate and only looking in the JRE keystore jre\lib\security\cacerts.
Reproduce the problem as follows:
My IE version is 5.00.3105.0106CO
Using the 1.3.0_01 jdk and Plug-in....
Create a hello-world style applet in Bug.java:
    import java.awt.*;
    import javax.swing.*;

    public class Bug extends JApplet
    {
        public void init() {
            Container c = getContentPane();
            c.setLayout( new FlowLayout(FlowLayout.CENTER) );
            c.add( new JLabel("Hello world!") );
        }
    }
Create some basic HTML:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<HEAD>
<TITLE>Bug</TITLE>
</HEAD>
<BODY>
<HR>
<!{{~SAS~(APPLET)- Generated Code - Do Not Edit!>
<SCRIPT LANGUAGE="JavaScript"><!--
var _info = navigator.userAgent;
var _ns = false;
var _ie = (_info.indexOf("MSIE") > 0
&& _info.indexOf("Win") > 0
&& _info.indexOf("Windows 3.1") < 0);
//--></SCRIPT>
<COMMENT>
<SCRIPT LANGUAGE="JavaScript1.1"><!--
var _ns = (navigator.appName.indexOf("Netscape") >= 0
&& ((_info.indexOf("Win") > 0
&& _info.indexOf("Win16") < 0
&& java.lang.System.getProperty("os.version").indexOf("3.5") < 0)
|| (_info.indexOf("Sun") > 0) || (_info.indexOf("Linux") > 0) ));
//--></SCRIPT>
</COMMENT>
<SCRIPT LANGUAGE="JavaScript"><!--
if (_ie == true) {
document.writeln(" <OBJECT");
document.writeln(" CLASSID=\"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93\"");
document.writeln(" CODEBASE=\"http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0\"");
document.writeln(" HEIGHT=400");
document.writeln(" WIDTH=600");
document.writeln(" >");
document.writeln(" <NOEMBED><XMP>");
}
else if (_ns == true) {
document.writeln(" <EMBED");
document.writeln(" PLUGINSPAGE=\"http://java.sun.com/products/plugin/1.3/plugin-install.html\"");
document.writeln(" TYPE=\"application/x-java-applet;version=1.3\"");
document.writeln(" HEIGHT=400");
document.writeln(" WIDTH=600");
document.writeln(" ARCHIVE=\"Bug.jar\"");
document.writeln(" CODE=\"Bug.class\"");
document.writeln(" ><NOEMBED><XMP>");
}
//--></SCRIPT>
<APPLET CODE="Bug.class" WIDTH=600 HEIGHT=400 ARCHIVE="Bug.jar" ></XMP>
<PARAM NAME="ARCHIVE" VALUE="Bug.jar">
<PARAM NAME="CODE" VALUE="Bug.class">
</APPLET>
</NOEMBED></EMBED></OBJECT>
<!}}~SAS~(APPLET)>
<HR>
</BODY>
</HTML>
Create a jar:
    jar -cf Bug.jar Bug.class
Run it to verify the applet and HTML.
Now sign it as follows:
Generate a keypair for signing:
    keytool -genkey -keyalg RSA -keystore test_store -alias rsatest -validity 360
Export a certificate file (we'll need this later):
    keytool -export -alias rsatest -file rsatest.cer -keystore test_store
Sign Bug.jar:
    jarsigner -keystore test_store Bug.jar rsatest
Import rsatest.cer into IE (as a root CA).
Try it out and see the following exception:
java.security.cert.CertificateException: Unable to verify the certificate with root CA
    at sun.plugin.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
    at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.access$100(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at sun.applet.AppletClassLoader.findClass(Unknown Source)
    at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.applet.AppletClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.applet.AppletClassLoader.loadCode(Unknown Source)
    at sun.applet.AppletPanel.createApplet(Unknown Source)
    at sun.plugin.AppletViewer.createApplet(Unknown Source)
    at sun.applet.AppletPanel.runLoader(Unknown Source)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Completely uninstall 1.3.0_01 jdk and jre.
Install 1.3 Plug-in.
Run the applet again and it runs fine.
======================================================================
Relates to: JDK-4447912 applet signed by cert from SunPKI, root CA GTE Cyber Trust, does not work (Resolved)
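
Added example (not part of the original report and not Sun's code): a diagnostic for the trust-store mismatch the report describes, listing each certificate in a signed JAR's signer chain and whether it is present in a given keystore such as jre\lib\security\cacerts. The class name SignerTrustCheck is hypothetical, the code assumes a modern JDK (Java 7 or later), and it checks for presence in the store only, not full certificate-path validation.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name).
// Usage: java SignerTrustCheck <signed.jar> <keystore> <storepass>
public class SignerTrustCheck {

    // Collect every certificate attached to the JAR's signed entries. Signer
    // certificates are only available after an entry has been read to the end.
    static Set<Certificate> signerCerts(String jarPath) throws Exception {
        Set<Certificate> certs = new LinkedHashSet<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {
            for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain; a bad digest throws SecurityException */ }
                }
                Certificate[] chain = entry.getCertificates();
                if (chain == null) throw new SecurityException("unsigned entry: " + entry.getName());
                for (Certificate c : chain) certs.add(c);
            }
        }
        return certs;
    }

    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            store.load(in, args[2].toCharArray());
        }
        boolean found = false;
        for (Certificate c : signerCerts(args[0])) {
            String alias = store.getCertificateAlias(c);   // null when the cert is not in this store
            String subject = ((X509Certificate) c).getSubjectX500Principal().getName();
            System.out.println((alias != null ? "FOUND as '" + alias + "': " : "NOT in store: ") + subject);
            found |= alias != null;
        }
        System.exit(found ? 0 : 1);   // exit code 1: no signer certificate is in this store
    }
}
```

Run against Bug.jar and test_store it should report the rsatest certificate as found; run against cacerts it reports the self-signed certificate as not in the store, which matches the lookup failure behind the exception above.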