Using Java 14 (OpenJDK download), older versions of the JavaFX SDK (e.g. JavaFX 12) were capable of loading web pages with expired certificates. With Java 14 and JavaFX 14, an error is printed and the webpage is not shown.
However, with Java 11.0.2 and JavaFX 14, no error is printed and the page with the expired certificate is shown.
There is currently no clear and consistent documentation about how WebView should handle sites with expired certificates.
Might be related toJDK-8221097 and JDK-8211308.
Sample
=====
import javafx.application.Application;
import javafx.concurrent.Worker;
import javafx.scene.Scene;
import javafx.scene.layout.VBox;
import javafx.scene.web.WebView;
import javafx.stage.Stage;
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
public class Html5Webview extends Application {
public void start(Stage primaryStage) {
HttpsURLConnection.setDefaultSSLSocketFactory(TrustAllSSLProvider.getSslSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(TrustAllSSLProvider.getHostNameVerifier());
primaryStage.setTitle("JavaFX WebView Html5 Support");
WebView webView = new WebView();
webView.getEngine().getLoadWorker().stateProperty().addListener((o, ov, nv) -> {
if (nv == Worker.State.FAILED) {
System.out.println(webView.getEngine().getLoadWorker().getMessage());
webView.getEngine().getLoadWorker().getException().printStackTrace();
}
});
webView.getEngine().load("https://188.166.109.46");
VBox vBox = new VBox(webView);
Scene scene = new Scene(vBox);
primaryStage.setScene(scene);
primaryStage.show();
}
public static class TrustAllSSLProvider {
// Verify-all name verifier
private final static HostnameVerifier hostNameVerifier = (hostname, session) -> true;
// Trust-all socket factory
private static final SSLSocketFactory sslSocketFactory;
static {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc;
try {
sc = SSLContext.getInstance("TLS");
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(e);
}
try {
sc.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (KeyManagementException e) {
throw new IllegalStateException(e);
}
sslSocketFactory = sc.getSocketFactory();
}
public static HostnameVerifier getHostNameVerifier() {
return hostNameVerifier;
}
public static SSLSocketFactory getSslSocketFactory() {
return sslSocketFactory;
}
}
public static void main(String[] args) {
// System.setProperty("javax.net.debug", "ssl");
launch(args);
}
}
Error (in case there is one):
ome/bin/java -p /opt/javafx-sdk-14/lib --add-modules javafx.web Html5Webview
Loading failed
java.lang.Throwable: SSL handshake failed
at javafx.web/javafx.scene.web.WebEngine$LoadWorker.describeError(WebEngine.java:1431)
at javafx.web/javafx.scene.web.WebEngine$LoadWorker.dispatchLoadEvent(WebEngine.java:1370)
at javafx.web/javafx.scene.web.WebEngine$PageLoadListener.dispatchLoadEvent(WebEngine.java:1231)
at javafx.web/com.sun.webkit.WebPage.fireLoadEvent(WebPage.java:2514)
at javafx.web/com.sun.webkit.WebPage.fwkFireLoadEvent(WebPage.java:2359)
at javafx.web/com.sun.webkit.network.URLLoaderBase.twkDidFail(Native Method)
at javafx.web/com.sun.webkit.network.HTTP2Loader.notifyDidFail(HTTP2Loader.java:624)
at javafx.web/com.sun.webkit.network.HTTP2Loader.lambda$didFail$18(HTTP2Loader.java:606)
at javafx.web/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:437)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:428)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:427)
at javafx.graphics/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)
However, with Java 11.0.2 and JavaFX 14, no error is printed and the page with the expired certificate is shown.
There is currently no clear and consistent documentation about how WebView should handle sites with expired certificates.
Might be related to
Sample
=====
import javafx.application.Application;
import javafx.concurrent.Worker;
import javafx.scene.Scene;
import javafx.scene.layout.VBox;
import javafx.scene.web.WebView;
import javafx.stage.Stage;
import javax.net.ssl.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
public class Html5Webview extends Application {
public void start(Stage primaryStage) {
HttpsURLConnection.setDefaultSSLSocketFactory(TrustAllSSLProvider.getSslSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(TrustAllSSLProvider.getHostNameVerifier());
primaryStage.setTitle("JavaFX WebView Html5 Support");
WebView webView = new WebView();
webView.getEngine().getLoadWorker().stateProperty().addListener((o, ov, nv) -> {
if (nv == Worker.State.FAILED) {
System.out.println(webView.getEngine().getLoadWorker().getMessage());
webView.getEngine().getLoadWorker().getException().printStackTrace();
}
});
webView.getEngine().load("https://188.166.109.46");
VBox vBox = new VBox(webView);
Scene scene = new Scene(vBox);
primaryStage.setScene(scene);
primaryStage.show();
}
public static class TrustAllSSLProvider {
// Verify-all name verifier
private final static HostnameVerifier hostNameVerifier = (hostname, session) -> true;
// Trust-all socket factory
private static final SSLSocketFactory sslSocketFactory;
static {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc;
try {
sc = SSLContext.getInstance("TLS");
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(e);
}
try {
sc.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (KeyManagementException e) {
throw new IllegalStateException(e);
}
sslSocketFactory = sc.getSocketFactory();
}
public static HostnameVerifier getHostNameVerifier() {
return hostNameVerifier;
}
public static SSLSocketFactory getSslSocketFactory() {
return sslSocketFactory;
}
}
public static void main(String[] args) {
// System.setProperty("javax.net.debug", "ssl");
launch(args);
}
}
Error (in case there is one):
ome/bin/java -p /opt/javafx-sdk-14/lib --add-modules javafx.web Html5Webview
Loading failed
java.lang.Throwable: SSL handshake failed
at javafx.web/javafx.scene.web.WebEngine$LoadWorker.describeError(WebEngine.java:1431)
at javafx.web/javafx.scene.web.WebEngine$LoadWorker.dispatchLoadEvent(WebEngine.java:1370)
at javafx.web/javafx.scene.web.WebEngine$PageLoadListener.dispatchLoadEvent(WebEngine.java:1231)
at javafx.web/com.sun.webkit.WebPage.fireLoadEvent(WebPage.java:2514)
at javafx.web/com.sun.webkit.WebPage.fwkFireLoadEvent(WebPage.java:2359)
at javafx.web/com.sun.webkit.network.URLLoaderBase.twkDidFail(Native Method)
at javafx.web/com.sun.webkit.network.HTTP2Loader.notifyDidFail(HTTP2Loader.java:624)
at javafx.web/com.sun.webkit.network.HTTP2Loader.lambda$didFail$18(HTTP2Loader.java:606)
at javafx.web/com.sun.webkit.network.HTTP2Loader.lambda$callBackIfNotCanceled$10(HTTP2Loader.java:437)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:428)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:427)
at javafx.graphics/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)
- duplicates
-
JDK-8246215 WebView does not care "HttpsURLConnection.setDefaultSSLSocketFactory()"
-
- Closed
-
- relates to
-
JDK-8211308 Support HTTP/2 in WebView
-
- Resolved
-
