-
Enhancement
-
Resolution: Cannot Reproduce
-
P3
-
None
-
6u21, 6u24
-
x86
-
solaris_8, windows_7
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2208061 | 6-pool | Vladislav Karnaukhov | P4 | Closed | Won't Fix |
FULL PRODUCT VERSION :
java version "1.6.0_21-ea"
Java(TM) SE Runtime Environment (build 1.6.0_21-ea-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.0-b14, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
tried this on: jre 1.6 u20 32 and 64 bit versions
A DESCRIPTION OF THE PROBLEM :
When jarsigner encounters a specification of the attributes for package versioning information it naturally inserts a SHA-1Digest or similar into the Manifest: Example:
Name: com/sun/jna/
Implementation-Vendor: JNA Development Team
Implementation-Title: com.sun.jna
Implementation-Version: 3.2.2 b0
Specification-Vendor: JNA Development Team
Specification-Title: Java Native Access (JNA)
Specification-Version: 3
SHA1-Digest: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
I seems that when javaws tries to verify the signatures it incorrectly looks for something signed under com/sun/jna/ or tries to verify the signature of the entire package and not the signed block in the manifest.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
create a webstart app with signed jars having package specifications and try to start them with javaws. Turn off webstart caching
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
That the application should run without exceptions
ACTUAL -
Javaws failed with an exception
ERROR MESSAGES/STACK TRACES THAT OCCUR :
security: Round 2 (1 out of 2):http://sveinpc/builder/netbeans/org-apache-xml-resolver/ext-resolver-1.2.jar
security: Found unsigned entry: org/apache/xml/resolver
#### Java Web Start Error:
#### Found unsigned entry in resource: http://sveinpc/builder/netbeans/org-apache-xml-resolver/ext-resolver-1.2.jar
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Remove the package spec from the manifest file
java version "1.6.0_21-ea"
Java(TM) SE Runtime Environment (build 1.6.0_21-ea-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.0-b14, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
tried this on: jre 1.6 u20 32 and 64 bit versions
A DESCRIPTION OF THE PROBLEM :
When jarsigner encounters a specification of the attributes for package versioning information it naturally inserts a SHA-1Digest or similar into the Manifest: Example:
Name: com/sun/jna/
Implementation-Vendor: JNA Development Team
Implementation-Title: com.sun.jna
Implementation-Version: 3.2.2 b0
Specification-Vendor: JNA Development Team
Specification-Title: Java Native Access (JNA)
Specification-Version: 3
SHA1-Digest: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
I seems that when javaws tries to verify the signatures it incorrectly looks for something signed under com/sun/jna/ or tries to verify the signature of the entire package and not the signed block in the manifest.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
create a webstart app with signed jars having package specifications and try to start them with javaws. Turn off webstart caching
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
That the application should run without exceptions
ACTUAL -
Javaws failed with an exception
ERROR MESSAGES/STACK TRACES THAT OCCUR :
security: Round 2 (1 out of 2):http://sveinpc/builder/netbeans/org-apache-xml-resolver/ext-resolver-1.2.jar
security: Found unsigned entry: org/apache/xml/resolver
#### Java Web Start Error:
#### Found unsigned entry in resource: http://sveinpc/builder/netbeans/org-apache-xml-resolver/ext-resolver-1.2.jar
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Remove the package spec from the manifest file
- backported by
-
JDK-2208061 javaws doesn't handle signed manifests with package specifications
-
- Closed
-