-
Bug
-
Resolution: Fixed
-
P3
-
8u20, 9
-
win7/x64/jre8u20-b25/jre9-b26
-
b06
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8055703 | 9 | Andy Herrick | P3 | Resolved | Fixed | b30 |
JDK-8082315 | emb-9 | Andy Herrick | P3 | Resolved | Fixed | b30 |
JDK-8063232 | 8u45 | Andy Herrick | P3 | Resolved | Fixed | b01 |
JDK-8070634 | emb-8u47 | Andy Herrick | P3 | Resolved | Fixed | team |
According to comments in JDK-8014361, non-signed jnlp with insecure properties will not show warning prompt in attachment. And according to Andy, "greed upon changes were implemented under different bugs".
But I still can reproduce this issue.
Steps to reproduce:
1. Import self signed ca self.valid.cert to have a valid trusted cert
Open JCP -> Security -> Manage Certificates - Singer CA,import http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/lib/self.valid.cert
2. Load non-signed jnlp with JAR properly signed:
http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargsjarsign/jnlp/testsignedvmWrong.jnlp
The property in jnlp are not correct.
3. If a security warning with title "Security Warning" shows up and in more info dialog it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See attached jarsign.png
Note:
1. If all jar and jnlp are signed, app still failed with jre9-b26 and 8u20-b25 due to:
java.lang.NullPointerException
at com.sun.javaws.JnlpxArgs.execProgram(Unknown Source)
at com.sun.javaws.Launcher.relaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
all signed test app: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testsignedvmWrong.jnlp
But if run above all signed jnlp with 8u5-13, a fatal error dialog will show up instead of NPE. See attachment 8u5-wrong-property.png
But I still can reproduce this issue.
Steps to reproduce:
1. Import self signed ca self.valid.cert to have a valid trusted cert
Open JCP -> Security -> Manage Certificates - Singer CA,import http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/lib/self.valid.cert
2. Load non-signed jnlp with JAR properly signed:
http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargsjarsign/jnlp/testsignedvmWrong.jnlp
The property in jnlp are not correct.
3. If a security warning with title "Security Warning" shows up and in more info dialog it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See attached jarsign.png
Note:
1. If all jar and jnlp are signed, app still failed with jre9-b26 and 8u20-b25 due to:
java.lang.NullPointerException
at com.sun.javaws.JnlpxArgs.execProgram(Unknown Source)
at com.sun.javaws.Launcher.relaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
all signed test app: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testsignedvmWrong.jnlp
But if run above all signed jnlp with 8u5-13, a fatal error dialog will show up instead of NPE. See attachment 8u5-wrong-property.png
- backported by
-
JDK-8055703 Security Dialog for unsigned jnlp still different in jnlp Application case.
-
- Resolved
-
-
JDK-8063232 Security Dialog for unsigned jnlp still different in jnlp Application case.
-
- Resolved
-
-
JDK-8070634 Security Dialog for unsigned jnlp still different in jnlp Application case.
-
- Resolved
-
-
JDK-8082315 Security Dialog for unsigned jnlp still different in jnlp Application case.
-
- Resolved
-