-
Bug
-
Resolution: Duplicate
-
P2
-
None
-
6
-
None
-
generic
-
generic
Tested Build : Nightly build(build 1.6.0-b99 dated 08/05/2005)
Build Location : /net/sqesvr-nfs.sfbay/global/nfs/deployment5/pit_builds
OS/Machines : kgb(solaris10), windows-64(winxp), JITENDER(winxp)
Problem description:
If user Runs the expired certificate with no timestamping object with option "Always trust content from this publisher" checked, then while loading the different applet signed with same certificate but valid timestamping object, there should be a security pop-up. Security pop-up should be there irrespective of browser session i.e. it should always be there if user tries to load applet within the same browser session or different browser session.
Behavior is correct if we reverse the scenario i.e. if we load the applet signed with valid timestamping object first and click on Run with option "Always trust content from this publisher" checked, then while loading the applet the expired certificate(same certificate) with no timestamping object(irrectpective of browser session) security pop-up is coming up
Prerequistes -
------------------
1) Import the Self-signed ca certificate (/net/sqe1/quality1/deployment2/jitu/plug-bug/timestamping/Justin.csr) and TSA certificate (/net/sqe1/quality1/deployment2/jitu/plug-bug/timestamping/opentsa.csr) into your Signer CA keystore at user level (using Java control panel).
OR
simply copy the /net/sqe1/quality1/deployment2/jitu/plug-bug/timestamping/trusted.cacerts into <user_deployment_home>/security
2) Make sure the date-time for your computer is in range of 4/4/2005 to 6/3/2005
Steps to reproduce:
-----------------------
1) Load the following applet ( applet coming from jar signed with no timestamping object)
http://sqeweb.sfbay.sun.com/deployment2/jitu/plug-bug/timestamping/applets/TestAppletExpired.html
On the security pop-up check the option "Always trust content from this publisher", click on the "Run" button
2)Close the browser and try loading the same applet again in different browser session. There should not be any popup
3)Close the browser and in the different browser session, load the following applet (applet coming from jar signed with with same certificate as above but with valid timestamping object)
http://sqeweb.sfbay.sun.com/deployment2/jitu/plug-bug/timestamping/applets/TestAppletValid.html
There should be a security pop-up , if security pop-up is not there then the bug is reproduced
Try the above mentioned steps but this time load the valid applet(mentioned in #3 above) first, you can notice that security pop-up is coming
Build Location : /net/sqesvr-nfs.sfbay/global/nfs/deployment5/pit_builds
OS/Machines : kgb(solaris10), windows-64(winxp), JITENDER(winxp)
Problem description:
If user Runs the expired certificate with no timestamping object with option "Always trust content from this publisher" checked, then while loading the different applet signed with same certificate but valid timestamping object, there should be a security pop-up. Security pop-up should be there irrespective of browser session i.e. it should always be there if user tries to load applet within the same browser session or different browser session.
Behavior is correct if we reverse the scenario i.e. if we load the applet signed with valid timestamping object first and click on Run with option "Always trust content from this publisher" checked, then while loading the applet the expired certificate(same certificate) with no timestamping object(irrectpective of browser session) security pop-up is coming up
Prerequistes -
------------------
1) Import the Self-signed ca certificate (/net/sqe1/quality1/deployment2/jitu/plug-bug/timestamping/Justin.csr) and TSA certificate (/net/sqe1/quality1/deployment2/jitu/plug-bug/timestamping/opentsa.csr) into your Signer CA keystore at user level (using Java control panel).
OR
simply copy the /net/sqe1/quality1/deployment2/jitu/plug-bug/timestamping/trusted.cacerts into <user_deployment_home>/security
2) Make sure the date-time for your computer is in range of 4/4/2005 to 6/3/2005
Steps to reproduce:
-----------------------
1) Load the following applet ( applet coming from jar signed with no timestamping object)
http://sqeweb.sfbay.sun.com/deployment2/jitu/plug-bug/timestamping/applets/TestAppletExpired.html
On the security pop-up check the option "Always trust content from this publisher", click on the "Run" button
2)Close the browser and try loading the same applet again in different browser session. There should not be any popup
3)Close the browser and in the different browser session, load the following applet (applet coming from jar signed with with same certificate as above but with valid timestamping object)
http://sqeweb.sfbay.sun.com/deployment2/jitu/plug-bug/timestamping/applets/TestAppletValid.html
There should be a security pop-up , if security pop-up is not there then the bug is reproduced
Try the above mentioned steps but this time load the valid applet(mentioned in #3 above) first, you can notice that security pop-up is coming
- duplicates
-
-
- Closed
-