-
Bug
-
Resolution: Fixed
-
P2
-
8u20, 9
-
b12
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8061655 | 9 | Andy Herrick | P2 | Resolved | Fixed | b38 |
| JDK-8082372 | emb-9 | Andy Herrick | P2 | Resolved | Fixed | b38 |
| JDK-8063272 | 8u45 | Andy Herrick | P2 | Resolved | Fixed | b01 |
| JDK-8070674 | emb-8u47 | Andy Herrick | P2 | Resolved | Fixed | team |
The packager generates a jnlp file with:
<jfx:details>
<jfx:certificate-path> ...
</jfx:certificate-path>
</jfx:details>
in this case, the certificate is pre-verified (while the jars are downloaded) using a CodeSource that has this certificate but a location based on the jnlp file.
The code in TrustDecider.checkMainJarManifest() assumes the CodeSource refers to a jar, and tries to open that jar to see if it has the main class, and if so if it has a permission manifest attribute.
When the exception is caught from :
new JarFile(ResourceProvider.get().getCachedResourceFilePath(cs.getLocation(), ver), false);
a SecurityException is thrown, and the app is blocked for not having a permissions attribute.
We need to recognize this situation and not block
<jfx:details>
<jfx:certificate-path> ...
</jfx:certificate-path>
</jfx:details>
in this case, the certificate is pre-verified (while the jars are downloaded) using a CodeSource that has this certificate but a location based on the jnlp file.
The code in TrustDecider.checkMainJarManifest() assumes the CodeSource refers to a jar, and tries to open that jar to see if it has the main class, and if so if it has a permission manifest attribute.
When the exception is caught from :
new JarFile(ResourceProvider.get().getCachedResourceFilePath(cs.getLocation(), ver), false);
a SecurityException is thrown, and the app is blocked for not having a permissions attribute.
We need to recognize this situation and not block
- backported by
-
JDK-8061655 TrustDecider.checkMainJarManifest will fail for fx app with embedded certificate.
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-