- Bug
- Resolution: Not an Issue
- P3
- None
- 1.8, 8
The rule is designed for some negative case. Note the hash is "bugos" to match no real certs used to sign app jars. So the app is supposed to be run with the default action. However, now with 8b112, the app is blocked with a dialog saying that the rule is invalid. On the other hand, we could see the rule from JCP.
==============
<ruleset version="1.0">
<rule>
<id>
<certificate hash="bugos" algorithm="SHA-256"/>
</id>
<action permission="run"/>
</rule>
</ruleset>
==============
Steps to reproduce:
1. Generate DRS jar as above rule
2. Run any signed applets
3. If you see a dialog saying that the DRS rule is invalid, then the issue is reproduced.
Some trace:
===========
security: Grant socket perm for http://127.0.0.1:8080/LSPJPI/classes/testcertsignedhashSB.jar : java.security.Permissions@1cc3255 (
("java.net.SocketPermission" "127.0.0.1" "connect,accept,resolve")
)
ruleset: Non-jnlp rule id:
title: SimpleApplet
location: http://127.0.0.1:8080/LSPJPI/html/CertsignedSandboxAppletHash.html
main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsignedhashSB.jar
main version: null
isArtifact: true
ruleset: finding Deployment Rule Set for
title: SimpleApplet
location: http://127.0.0.1:8080/LSPJPI/html/CertsignedSandboxAppletHash.html
main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsignedhashSB.jar
main version: null
isArtifact: true
ruleset: Exception parsing deployment rule set com.sun.deploy.security.BlockedException: Invalid rule in Deployment Rule Set file
com.sun.deploy.security.BlockedException: Invalid rule in Deployment Rule Set file
at com.sun.deploy.security.ruleset.RuleSetParser.validateRule(Unknown Source)
at com.sun.deploy.security.ruleset.RuleSetParser.endElement(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(Unknown Source)
at com.sun.deploy.security.ruleset.RuleSetParser.parse(Unknown Source)
at com.sun.deploy.security.ruleset.DeploymentRuleSet$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.ruleset.DeploymentRuleSet.initialize(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
basic: Invalid rule in Deployment Rule Set file
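
A pre-packaging lint for a ruleset like the one in this report, added here as an example (it is not code from the report or from the JDK). The report does not state which check in `validateRule` failed; the sketch assumes that a certificate `hash` must be the 64-hex-digit SHA-256 digest, that `algorithm` defaults to SHA-256 when omitted, and that `permission` is one of `run`, `block` or `default`. `lint_ruleset` is a hypothetical name.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: a SHA-256 certificate hash is written as 64 hex digits, no separators.
HEX_SHA256 = re.compile(r"[0-9A-Fa-f]{64}")
PERMISSIONS = {"run", "block", "default"}

# Constructed inputs: the rule from the report, and the same rule with a
# well-formed digest that matches no real certificate (all zeros).
REPORTED = """<ruleset version="1.0">
<rule>
<id>
<certificate hash="bugos" algorithm="SHA-256"/>
</id>
<action permission="run"/>
</rule>
</ruleset>"""
WELL_FORMED = REPORTED.replace("bugos", "0" * 64)


def lint_ruleset(xml_text):
    """Return a list of (rule_index, message) findings; empty means clean."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "ruleset":
        return [(0, "root element is not <ruleset>")]
    for idx, rule in enumerate(root.findall("rule"), start=1):
        rule_id = rule.find("id")
        if rule_id is None:
            findings.append((idx, "missing <id>"))
        else:
            for cert in rule_id.findall("certificate"):
                algo = cert.get("algorithm", "SHA-256")  # assumed default
                digest = cert.get("hash", "")
                if algo != "SHA-256":
                    findings.append((idx, f"unsupported algorithm {algo!r}"))
                if not HEX_SHA256.fullmatch(digest):
                    findings.append((idx, f"hash {digest!r} is not 64 hex digits"))
        action = rule.find("action")
        if action is None or action.get("permission") not in PERMISSIONS:
            findings.append((idx, "missing or unknown <action permission>"))
    return findings


if __name__ == "__main__":
    for name, doc in (("reported", REPORTED), ("well-formed", WELL_FORMED)):
        print(name, lint_ruleset(doc) or "ok")
```

For a negative test that should fall through to the default action, a syntactically valid digest that matches no signer (as in `WELL_FORMED`) keeps the rule set parseable while still matching nothing.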