-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
8u77
-
x86
-
other
FULL PRODUCT VERSION :
java version "1.8.0_77"
Java(TM) SE Runtime Environment (build 1.8.0_77-b03)
Java HotSpot(TM) Client VM (build 25.77-b03, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.10586]
A DESCRIPTION OF THE PROBLEM :
Loading resources with this.getClass().getClassLoader().getResourceAsStream() results in com.sun.deploy.net.JARSigningException even though the jar file is signed and jarsigner -verify confirms the jar to be signed.
REGRESSION. Last worked in version 8u73
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create an app that is deployed via Web Start
- create a jar file containing a resource to load, such as an image file
- package the main app in a jar that is different than the resource jar file
- sign the jars
- prepare the .jnlp file
In this app, use this.getClass().getClassLoader().getResourceAsStream() to load a resource file. The application pops up a warning window declaring the jar file to contain unsigned files.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The expectation is that the resource file would load successfully
ACTUAL -
A warning window pops up declaring "Failed to validate certificate. The application will not be executed."
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.security.cert.CertificateException: Found unsigned entry in resource: http://www.X.com/resources.jar
at com.sun.deploy.security.TrustDecider.ensureAllJarEntriesSigned(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.checkSignedSandboxSecurity(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.isPermissionGranted(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourcePermission(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourceAsStream(Unknown Source)
at com.X.Product.getModule(Product.java:181)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://www.X.com/resources.jar
... 45 more
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Instead of
this.getClass().getClassLoader().getResourceAsStream()
use
this.getClass().getClassLoader().getResource("xxx").openStream()
This will not throw the exception even though the resource file you're loading is exactly the same
java version "1.8.0_77"
Java(TM) SE Runtime Environment (build 1.8.0_77-b03)
Java HotSpot(TM) Client VM (build 25.77-b03, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.10586]
A DESCRIPTION OF THE PROBLEM :
Loading resources with this.getClass().getClassLoader().getResourceAsStream() results in com.sun.deploy.net.JARSigningException even though the jar file is signed and jarsigner -verify confirms the jar to be signed.
REGRESSION. Last worked in version 8u73
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create an app that is deployed via Web Start
- create a jar file containing a resource to load, such as an image file
- package the main app in a jar that is different than the resource jar file
- sign the jars
- prepare the .jnlp file
In this app, use this.getClass().getClassLoader().getResourceAsStream() to load a resource file. The application pops up a warning window declaring the jar file to contain unsigned files.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The expectation is that the resource file would load successfully
ACTUAL -
A warning window pops up declaring "Failed to validate certificate. The application will not be executed."
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.security.cert.CertificateException: Found unsigned entry in resource: http://www.X.com/resources.jar
at com.sun.deploy.security.TrustDecider.ensureAllJarEntriesSigned(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.checkSignedSandboxSecurity(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.isPermissionGranted(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourcePermission(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourceAsStream(Unknown Source)
at com.X.Product.getModule(Product.java:181)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: http://www.X.com/resources.jar
... 45 more
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Instead of
this.getClass().getClassLoader().getResourceAsStream()
use
this.getClass().getClassLoader().getResource("xxx").openStream()
This will not throw the exception even though the resource file you're loading is exactly the same
- relates to
-
-
- Closed
-