Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8185498

Console log shows that cert is expired (but TSA valid) although no certs in chain is expired.

XMLWordPrintable

    • b23
    • x86_64
    • windows_7

        FULL PRODUCT VERSION :
        java version "1.8.0_144"
        Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
        Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.1.7601]

        A DESCRIPTION OF THE PROBLEM :
        When launching an applet with either Java 8u141 or 8u144, the following warning appeared the Java console (tracing enabled):

        security: The certificate has expired, need to check timestamping info
        security: Timestamping info is available
        security: The certificate has expired, and is timestamped in valid period
        security: Start checking TSA certificate path
        security: Even though certificate has expired, it is timestamped in valid period and has valid TSA

        There is no warning when running with Java 8u131.

        REGRESSION. Last worked in version 8u131

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1. Install either Java 8u144 or 8u141
        2. Switch java console on
        3. access https://docs.oracle.com/javase/tutorial/deployment/applet/getStarted.html
        4. If you see the following log in java console, then the issue is reproduced:
        ===============
        security: The certificate has expired, need to check timestamping info
        security: Timestamping info is available
        security: The certificate has expired, and is timestamped in valid period
        security: Start checking TSA certificate path
        security: Even though certificate has expired, it is timestamped in valid period and has valid TSA
        ===============

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        No warning should appear in the console log
        ACTUAL -
        This warning appear in the console log:

        security: The certificate has expired, need to check timestamping info
        security: Timestamping info is available
        security: The certificate has expired, and is timestamped in valid period
        security: Start checking TSA certificate path
        security: Even though certificate has expired, it is timestamped in valid period and has valid TSA


        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        Java Plug-in 11.144.2.01 x86
        Using JRE version 1.8.0_144-b01 Java HotSpot(TM) Client VM
        User home directory = C:\Users\u8011207
        ----------------------------------------------------
        c: clear console window
        f: finalize objects on finalization queue
        g: garbage collect
        h: display this help message
        l: dump classloader list
        m: print memory usage
        o: trigger logging
        q: hide console
        r: reload policy configuration
        s: dump system and deployment properties
        t: dump thread list
        v: dump thread stack
        x: clear classloader cache
        0-5: set trace level to <n>
        ----------------------------------------------------
        network: Created version ID: 1.5.0
        network: Created version ID: 1.8.0
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.8
        network: Created version ID: 1.8.0.144
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
        security: Accessing keys and certificate in Mozilla user profile: null
        security: JSS is not configured
        network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre1.8.0_144/lib/ext/sunec.jar, version: null]
        network: Connecting https://java.com/ga/applet/verify/JavaDetection_applet.jnlp with proxy=DIRECT
        network: Connecting http://java.com:443/ with proxy=DIRECT
        security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
        security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
        security: Obtain certificate collection in SSL Root CA certificate store
        security: Obtain certificate collection in SSL Root CA certificate store
        security: Loading certificates from Deployment session certificate store
        security: Loaded certificates from Deployment session certificate store
        security: Loaded blacklisted.certs file: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
        security: SHA-256Certificate finger print: 1928D783912AAB3DCB75BBF704FDA1A57D058CDC0D27ECF41F60CCBEB9B83E77
        security: SHA-256Certificate finger print: 663636C03FD0B5B171F2B04407C3DF767B349C8A990D87CE485898166E2B5120
        security: Checking if SSL certificate is in Deployment permanent certificate store
        security: Obtain certificate collection in SSL Root CA certificate store
        security: Obtain certificate collection in SSL Root CA certificate store
        security: Obtain certificate collection in SSL Root CA certificate store
        security: Obtain certificate collection in SSL Root CA certificate store
        security: Loading certificates from Deployment session certificate store
        security: Loaded certificates from Deployment session certificate store
        network: Connecting http://s.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
        security: OCSP Response: GOOD
        network: Connecting http://rd.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
        security: OCSP Response: GOOD
        security: Saving certificates in Deployment session certificate store
        security: Saved certificates in Deployment session certificate store
        network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre1.8.0_144/lib/ext/sunjce_provider.jar, version: null]
        network: Connecting https://java.com/ga/applet/verify/JavaDetection_applet.jnlp with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
        network: ResponseCode for https://java.com/ga/applet/verify/JavaDetection_applet.jnlp : 200
        network: Encoding for https://java.com/ga/applet/verify/JavaDetection_applet.jnlp : null
        network: Server response: (length: 605, lastModified: Sat Aug 20 19:35:04 ICT 2016, downloadVersion: null, mimeType: application/x-java-jnlp-file)
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
        network: Downloading resource: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
        Content-Length: 605
        Content-Encoding: null
        network: Wrote URL https://java.com/ga/applet/verify/JavaDetection_applet.jnlp to File C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\39ba0a44-4ca39e36-temp
        network: Disconnect connection to https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
        network: Cache: Enable a new CacheEntry: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
        network: Downloaded https://java.com/ga/applet/verify/JavaDetection_applet.jnlp: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\39ba0a44-4ca39e36
        cache: Adding MemoryCache entry: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
        cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@646cbf35: 1
        cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@646cbf35: 2
        basic: XMLParser with _source:
        <?xml version="1.0" encoding="UTF-8"?>
        <jnlp href="JavaDetection_applet.jnlp" spec="1.0+">
            <information>
                <title>Java Detection</title>
                <vendor>Oracle Inc.</vendor>
            </information>
            <resources>
                <!-- Application Resources -->
        <j2se version="1.6+"/>
                <jar href="JavaDetection.jar" />
            </resources>
        <security>
        <all-permissions />
        </security>
            <applet-desc
                 name="Java Detection Applet"
                 main-class="JavaDetection"
                 width="1"
                 height="1">
             </applet-desc>
             <update check="background"/>
        </jnlp>
        network: Created version ID: 1.6+
        network: Created version ID: 1.9
        temp: returning LaunchDesc from XMLFormat.parse():

        <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
          <information>
            <title>Java Detection</title>
            <vendor>Oracle Inc.</vendor>
            <homepage href="null"/>
          </information>
          <security>
            <all-permissions/>
          </security>
          <update check="background" policy="always"/>
          <resources>
            <java version="1.6+"/>
            <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
          </resources>
          <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
        </jnlp>
        network: Created version ID: 1.6+
        network: Created version ID: 1.8
        network: Created version ID: 1.5.0
        network: Created version ID: 1.8.0
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.8
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.6+
        network: Created version ID: 1.8
        network: Created version ID: 1.5.0
        network: Created version ID: 1.8.0
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.8
        network: Created version ID: 1.8.0.144
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
        basic: Plugin2ClassLoader.addURL2 called for https://java.com/ga/applet/verify/JavaDetection.jar
        basic: Plugin2ClassLoader.drainPendingURLs addURL called for https://java.com/ga/applet/verify/JavaDetection.jar
        network: LaunchDownload: concurrent downloads from LD: 4
        network: Total size to download: -1
        security: Security check for progress jars: allSigned=true
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
        network: Connecting https://java.com/ga/applet/verify/JavaDetection.jar with proxy=DIRECT
        network: Connecting https://java.com/ga/applet/verify/JavaDetection.jar with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
        network: Cache entry not found [url: https://java.com/ga/im/applet/verify_anim.gif, version: null]
        network: Connecting https://java.com/ga/im/applet/verify_anim.gif with proxy=DIRECT
        network: Connecting http://java.com:443/ with proxy=DIRECT
        network: ResponseCode for https://java.com/ga/applet/verify/JavaDetection.jar : 200
        network: Encoding for https://java.com/ga/applet/verify/JavaDetection.jar : null
        network: Server response: (length: 8505, lastModified: Sat Aug 20 19:35:04 ICT 2016, downloadVersion: null, mimeType: unknown)
        network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
        network: Downloading resource: https://java.com/ga/applet/verify/JavaDetection.jar
        Content-Length: 8,505
        Content-Encoding: null
        network: Wrote URL https://java.com/ga/applet/verify/JavaDetection.jar to File C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0-temp
        network: Disconnect connection to https://java.com/ga/applet/verify/JavaDetection.jar
        security: Blacklist revocation check is enabled
        security: blacklist: created: NEED_LOAD, lastModified: 1501130102856
        security: blacklist: check contains iBywVX7zLRzWhyAtYNcb7IDgZcQpGDUYfCnLqaKA8So=, state now NEED_LOAD
        security: blacklist: loadCache
        security: blacklist: not found in cache
        security: Trusted libraries list check is enabled
        security: Trusted libraries list file not found
        cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false}
        network: Cache: Enable a new CacheEntry: https://java.com/ga/applet/verify/JavaDetection.jar
        network: Connecting https://java.com/ga/im/applet/verify_anim.gif with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
        network: Downloaded https://java.com/ga/applet/verify/JavaDetection.jar: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0
        cache: Adding MemoryCache entry: https://java.com/ga/applet/verify/JavaDetection.jar
        cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 1
        network: Download Progress: jarsDone: 1
        network: Created version ID: 1.6+
        network: Created version ID: 1.8
        network: Created version ID: 1.5.0
        network: Created version ID: 1.8.0
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.8
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.6+
        network: Created version ID: 1.8
        basic: LaunchDesc.selectJRE( returning selected jre: JREInfo for index 3:
            platform is: 1.8
            product is: 1.8.0_144
            location is: http://java.sun.com/products/autodl/j2se
            path is: C:\Program Files (x86)\Java\jre1.8.0_144\bin\javaw.exe
            args is: -Ddeployment.trace=true -Ddeployment.trace.level=all
            native platform is: Windows, x86 [ x86, 32bit ]
            JavaFX runtime is: JavaFX 1.8.0_144 at: C:\Program Files (x86)\Java\jre1.8.0_144\lib\ext\
            enabled is: true
            registered is: true
            system is: true

        basic: LaunchDesc location: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
        security: --- parseCommandLine converted : -Ddeployment.trace=true -Ddeployment.trace.level=all
        into:
        [-Ddeployment.trace=true, -Ddeployment.trace.level=all]
        network: Created version ID: 1.0+
        network: Created version ID: 8.20
        cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 2
        basic: XMLParser with _source:
        <?xml version="1.0" encoding="UTF-8"?>
        <jnlp href="JavaDetection_applet.jnlp" spec="1.0+">
            <information>
                <title>Java Detection</title>
                <vendor>Oracle Inc.</vendor>
            </information>
            <resources>
                <!-- Application Resources -->
        <j2se version="1.6+"/>
                <jar href="JavaDetection.jar" />
            </resources>
        <security>
        <all-permissions />
        </security>
            <applet-desc
                 name="Java Detection Applet"
                 main-class="JavaDetection"
                 width="1"
                 height="1">
             </applet-desc>
             <update check="background"/>
        </jnlp>
        network: Created version ID: 1.6+
        network: Created version ID: 1.9
        temp: returning LaunchDesc from XMLFormat.parse():

        <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
          <information>
            <title>Java Detection</title>
            <vendor>Oracle Inc.</vendor>
            <homepage href="null"/>
          </information>
          <security>
            <all-permissions/>
          </security>
          <update check="background" policy="always"/>
          <resources>
            <java version="1.6+"/>
            <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
          </resources>
          <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
        </jnlp>
        security: Downloaded JNLP file:
        security:
        <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
          <information>
            <title>Java Detection</title>
            <vendor>Oracle Inc.</vendor>
            <homepage href="null"/>
          </information>
          <security>
            <all-permissions/>
          </security>
          <update check="background" policy="always"/>
          <resources>
            <java version="1.6+"/>
            <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
          </resources>
          <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
        </jnlp>
        security: Signed JNLP file:
        security:
        <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
          <information>
            <title>Java Detection</title>
            <vendor>Oracle Inc.</vendor>
            <homepage href="null"/>
          </information>
          <security>
            <all-permissions/>
          </security>
          <update check="background" policy="always"/>
          <resources>
            <java version="1.6+"/>
            <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
          </resources>
          <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
        </jnlp>
        cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 3
        security: Validating cached jar url=https://java.com/ga/applet/verify/JavaDetection.jar ffile=C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0 com.sun.deploy.cache.CachedJarFile@113071c
        security: Istrusted: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp false
        security: Loading Deployment certificates from C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
        security: Loaded Deployment certificates from C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
        security: Loading certificates from Deployment session certificate store
        security: Loaded certificates from Deployment session certificate store
        security: Loading certificates from Deployment session certificate store
        security: Loaded certificates from Deployment session certificate store
        security: Loading certificates from Deployment session certificate store
        security: Loaded certificates from Deployment session certificate store
        security: Loading certificates from Deployment session certificate store
        security: Loaded certificates from Deployment session certificate store
        security: Validate the certificate chain using CertPath API
        security: The certificate has expired, need to check timestamping info
        security: Timestamping info is available
        security: The certificate has expired, and is timestamped in valid period
        security: Start checking TSA certificate path
        security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
        security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
        security: Obtain certificate collection in Root CA certificate store
        security: Obtain certificate collection in Root CA certificate store
        security: Obtain certificate collection in Root CA certificate store
        security: Obtain certificate collection in Root CA certificate store
        security: Even though certificate has expired, it is timestamped in valid period and has valid TSA
        security: SHA-256Certificate finger print: 5184FC1E50375F7FF3BE8F0E847759111918604DFE3CEAF1D22BA20DE1C193E1
        security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E
        security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689
        security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
        security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
        security: The OCSP support is enabled
        security: The CRL support is enabled
        network: Cache entry not found [url: https://java.com/ga/im/applet/verify_anim.gif, version: null]
        network: Connecting https://java.com/ga/im/applet/verify_anim.gif with proxy=DIRECT
        network: Connecting https://java.com/ga/im/applet/verify_anim.gif with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
        network: CleanupThread used 428008 us
        network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
        security: OCSP Response: GOOD
        network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
        security: OCSP Response: GOOD
        network: Connecting http://sf.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
        security: OCSP Response: GOOD
        security: Certificate validation succeeded using OCSP/CRL
        security: Saving certificates in Deployment session certificate store
        security: Saved certificates in Deployment session certificate store
        security: Verifying permission attribute in main jar: https://java.com/ga/applet/verify/JavaDetection.jar
        network: Created version ID: 1.8.0.144
        network: Created version ID: 1.8.0.141
        basic: Dialog type is not candidate for embedding


        REPRODUCIBILITY :
        This bug can be reproduced always.

          1. ConsoleLog_8u131.txt
            19 kB
            Pallavi Sonal
          2. ConsoleLog_8u144.txt
            24 kB
            Pallavi Sonal
          3. ConsoleLog_9ea+180.txt
            21 kB
            Pallavi Sonal

              herrick Andy Herrick (Inactive)
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: