-
Bug
-
Resolution: Not an Issue
-
P2
-
None
-
8u11
FULL PRODUCT VERSION :
jdk 8
ADDITIONAL OS VERSION INFORMATION :
Windows
A DESCRIPTION OF THE PROBLEM :
java version : jre-8u66-windows-x64
A DESCRIPTION OF THE PROBLEM :
JRE 8u66 does not run applets contained in JAR files which were timestamped by a trusted TSA and signed by a valid code signing certificate, after the expiration of the code signing certificate.
JRE 8U66 fails to load the applet, giving an error "Failed to validate certificate. The application will not be executed.".
The problem goes away if I remove the client PC's connectivity to the public internet, only allowing it to connect to the server hosting the applet. It returns if I restore the client PC's connectivity to the public internet.
The problem also goes away if I restore the client PC's date setting to the current (within the validity of the signing key) date.
JRE 7 woks correctly - the time stamped applet is allowed to execute after the expiration of the code signing certificate but with a warning message saying "The application will run with unrestricted access which may put your computer and personal information at risk. The information provided is unreliable or unknown so it is recommended not to run this application unless you are familiar with its source".
REPRODUCIBILITY :
This bug can be reproduced always.
REGRESSION. Last worked in version 8u121
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) I build a jar file and sign it with a valid certificate, giving a "-tsa http://timestamp.digicert.com" argument. The expiry date of the certificate used to sign the jars is 15 december 2019
2) I shut down the browser (IE, Chrome), set the client system Date to Jan 2020, bring the browser back up and navigate to the page with the applet.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
EXPECTED -
If I time stamp and sign a JAR with a valid Varisign-issued code signing certificate then that JAR should continue to work after the expiration of the code signing certificate - that is the entire point of the time stamp.
ACTUAL -
ACTUAL -
If I time stamp and sign a JAR with a valid Varisign-issued code signing certificate then that JAR does not continue to work after the expiration of the code signing certificate.
REPRODUCIBILITY :
This bug can be reproduced always.
jdk 8
ADDITIONAL OS VERSION INFORMATION :
Windows
A DESCRIPTION OF THE PROBLEM :
java version : jre-8u66-windows-x64
A DESCRIPTION OF THE PROBLEM :
JRE 8u66 does not run applets contained in JAR files which were timestamped by a trusted TSA and signed by a valid code signing certificate, after the expiration of the code signing certificate.
JRE 8U66 fails to load the applet, giving an error "Failed to validate certificate. The application will not be executed.".
The problem goes away if I remove the client PC's connectivity to the public internet, only allowing it to connect to the server hosting the applet. It returns if I restore the client PC's connectivity to the public internet.
The problem also goes away if I restore the client PC's date setting to the current (within the validity of the signing key) date.
JRE 7 woks correctly - the time stamped applet is allowed to execute after the expiration of the code signing certificate but with a warning message saying "The application will run with unrestricted access which may put your computer and personal information at risk. The information provided is unreliable or unknown so it is recommended not to run this application unless you are familiar with its source".
REPRODUCIBILITY :
This bug can be reproduced always.
REGRESSION. Last worked in version 8u121
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) I build a jar file and sign it with a valid certificate, giving a "-tsa http://timestamp.digicert.com" argument. The expiry date of the certificate used to sign the jars is 15 december 2019
2) I shut down the browser (IE, Chrome), set the client system Date to Jan 2020, bring the browser back up and navigate to the page with the applet.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
EXPECTED -
If I time stamp and sign a JAR with a valid Varisign-issued code signing certificate then that JAR should continue to work after the expiration of the code signing certificate - that is the entire point of the time stamp.
ACTUAL -
ACTUAL -
If I time stamp and sign a JAR with a valid Varisign-issued code signing certificate then that JAR does not continue to work after the expiration of the code signing certificate.
REPRODUCIBILITY :
This bug can be reproduced always.
- duplicates
-
JDK-8187354 Not able to load applets with timestamped and signed jars after certificate expiry date
-
- Closed
-
-
JDK-8187355 JRE 8 doesn't run timestamped applets after certificate is expired
-
- Closed
-
- relates to
-
JDK-8047702 JRE 8U5 doesn't run timestamped applets after signing cert expiry
-
- Closed
-
-
JDK-8187354 Not able to load applets with timestamped and signed jars after certificate expiry date
-
- Closed
-