Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8136687

DRS1.3: App is not blocked when rule set version is 1.0 and with jnlp-checksum element in ruleset.xml

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not an Issue
    • Icon: P3 P3
    • None
    • 9
    • deploy

      When verify fix of JDK-8135115, I found that "ruleset version=1.0"+"jnlp-checksum" issue is still there.

      Steps to reproduce:
      1. Import self ca cert to JCP -> Security -> Manage Certificates -> Singer CA.
          http://kgb.us.oracle.com:8080/DRS13Manual/lib/self.valid.cert
      2. Set up DeploymentRuleSet.jar:
          http://kgb.us.oracle.com:8080/DRS13Manual/lib/DeploymentRuleSet.jar.run-Jnlp-Checksum-Version-kgb/DeploymentRuleSet.jar
          It sets rule set version to 1.0 while with jnlp-checksum element in ruleset.xml
          For rule set content, see http://kgb.us.oracle.com:8080/DRS13Manual/lib/DeploymentRuleSet.jar.run-Jnlp-Checksum-Version-kgb/ruleset.xml
      3. Open browser and load http://kgb.us.oracle.com:8080/DRS13Manual/html/testApps.html
      4. Launch casinged jnlp by clicking on the link testCertsignedAllpermissionJNLPNoHref.jnlp from a browser
      5. If a valid security warning dialog shows up, then this issue is reproduced.
      Expected behavior:
      An application blocked dialog saying "Exception parsing Deployment Rule Set file" should show up.

            herrick Andy Herrick (Inactive)
            wenjyang Crystal Yang (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: