Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8026002

Certificate based DRS rule does not work when main jar is in nested resource block or extension

XMLWordPrintable

    • b04
    • x86
    • windows_7
    • Not verified

        J2SE Version (please include all output from java -version flag):
           7U45 and 7U40

        java version "1.7.0_40"
           Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
            HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode)

        Does this problem occur on J2SE 6ux or 7ux? Yes / No (pick one)
           N/A
          

        Operating System Configuration Information (be specific):
           Window 7 x64

        Hardware Configuration Information (be specific):
           Various


        Bug Description:

        Not be able to get a certificate rule to work in a DeploymentRuleSet. Had tried many variations, and none have worked. Was emulating the example shown here:
            https://blogs.oracle.com/java-platform-group/entry/introducing_deployment_rule_sets

        The docs say that only SHA256 is supported now, and that the colons should be stripped. All the examples have the hash in all upper case.

        Using a location rule works fine, but not the certificate ones. Originally tried to let the <action> be to run the application, but having it block made the testing a bit easier.

        The Java security dialog only gives the hash with SHA1, needed to go to the actual jar file to get the SHA256. The keytool command provides:

        Certificate fingerprints:
                 MD5: F1:6C:A8:50:8C:1D:FA:80:0D:56:F3:12:F7:FA:CA:B6
                 SHA1: D4:9D:87:31:A9:E8:5E:19:9E:B0:31:BF:A8:87:C2:9D:2E:C8:71:77
                 SHA256: 4E:81:86:EF:A9:01:D0:5F:8C:9B:B5:3A:70:C4:71:F6:58:E1:2A:D7:63:3C:86:4E:E3:77:A2:88:AA:23:AC:31
                 Signature algorithm name: SHA1withRSA
                 Version: 3

        The SHA1 hash matches the one shown in the security dialog, so it should be using the correct value.

        Steps to Reproduce (be specific):

        Use the DeploymentRuleSet on https://www.ocie.net/OcieDemo/JViewer/webstart.html and watch it not block the application


          1. ruleset.xml
            0.9 kB
            Ting-Yun Ingrid Yao

              herrick Andy Herrick (Inactive)
              tyao Ting-Yun Ingrid Yao (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: