-
Bug
-
Resolution: Cannot Reproduce
-
P3
-
None
-
6u20
-
x86
-
windows_2000
FULL PRODUCT VERSION :
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 2000 [Version 5.00.2195]
A DESCRIPTION OF THE PROBLEM :
Java Web Start shows security warning dialog for signed and unsigned unsafe code combination, even thoug no unsigned code is involved but several code signing certificates involed.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a jnlp-File with at least one jar-File refer by jar tag and at least one jar-File refer by extension tag.
e.g.:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.5+" ...>
...
<resources>
<jar href="pathToMain/Main.jar"
version="3.1-build23" main="true"
<jar href="portal/Contrib-cryptix-jce-api-2009.jar"
version="2005-03-28"/>
<extension name="Contrib-cryptix-jce-provider.jar"
href="local/Contrib-cryptix-jce-provider.jnlp"/>
</resources>
....
</jnlp>
Sign jar-File refer by jar tag with another certificate as jar-File refer by extension tag. Start web start application and see wrong security warning.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
no security warning
ACTUAL -
security warning
REPRODUCIBILITY :
This bug can be reproduced always.
Release Regression From : 6u19
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 2000 [Version 5.00.2195]
A DESCRIPTION OF THE PROBLEM :
Java Web Start shows security warning dialog for signed and unsigned unsafe code combination, even thoug no unsigned code is involved but several code signing certificates involed.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a jnlp-File with at least one jar-File refer by jar tag and at least one jar-File refer by extension tag.
e.g.:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.5+" ...>
...
<resources>
<jar href="pathToMain/Main.jar"
version="3.1-build23" main="true"
<jar href="portal/Contrib-cryptix-jce-api-2009.jar"
version="2005-03-28"/>
<extension name="Contrib-cryptix-jce-provider.jar"
href="local/Contrib-cryptix-jce-provider.jnlp"/>
</resources>
....
</jnlp>
Sign jar-File refer by jar tag with another certificate as jar-File refer by extension tag. Start web start application and see wrong security warning.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
no security warning
ACTUAL -
security warning
REPRODUCIBILITY :
This bug can be reproduced always.
Release Regression From : 6u19
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.