JDK-8135115

DRS1.3: App is not blocked when there is an invalid attribute in jnlp-checksum


    Details

    • Subcomponent:
    • Resolved In Build:
      b83
    • Verification:
      Verified


        Description

        When adding cases to cover JDK-8132336, I found that:
        when setting an invalid element in jnlp-checksum, for example <jnlp-checksum abc="BSAQgw8ZLyRFpOYiK4+mhQNJOmxmtNb8HNjTsyNvYaI="/>, no blocked dialog saying "Exception parsing Deployment Rule Set file" shows up.

        Steps to reproduce:
        1. Import the self CA cert to JCP -> Security -> Manage Certificates -> Signer CA.
            http://kgb.us.oracle.com:8080/DRS13Manual/lib/self.valid.cert
        2. Set up DeploymentRuleSet.jar:
            http://kgb.us.oracle.com:8080/DRS13Manual/lib/DeploymentRuleSet.jar.run-Jnlp-Checksum-WithoutHash-kgb/DeploymentRuleSet.jar
            It sets an invalid element "abc" instead of "hash": <jnlp-checksum abc="BSAQgw8ZLyRFpOYiK4+mhQNJOmxmtNb8HNjTsyNvYaI="/>
            For rule set content, see http://kgb.us.oracle.com:8080/DRS13Manual/lib/DeploymentRuleSet.jar.run-Jnlp-Checksum-WithoutHash-kgb/ruleset.xml
        3. Open browser and load http://kgb.us.oracle.com:8080/DRS13Manual/html/testApps.html
        4. Launch the CA-signed JNLP by clicking on the link testCertsignedAllpermissionJNLPNoHref.jnlp from a browser.
        5. If a valid security warning dialog shows up, then this issue is reproduced.
        Expected behavior:
        An application blocked dialog saying "Exception parsing Deployment Rule Set file" should show up. For now, it seems it's considered as "none match".

        Note:
        The same issue occurs for:
        1. Set an invalid value for "hash", for example, <jnlp-checksum hash="abcdefg"/>. See http://kgb.us.oracle.com:8080/DRS13Manual/lib/DeploymentRuleSet.jar.run-Jnlp-Checksum-WrongHash-kgb/ruleset.xml
        2. Set the rule set version to 1.0 with a jnlp-checksum element in ruleset.xml. See http://kgb.us.oracle.com:8080/DRS13Manual/lib/DeploymentRuleSet.jar.run-Jnlp-Checksum--Version-kgb/ruleset.xml
        3. Set an empty hash value, for example, <jnlp-checksum hash=""/>.
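
A fail-closed pre-deployment check for the four malformed cases listed in this report, as an added example that is not part of the original issue and is not the JDK's own parser. Assumptions: jnlp-checksum requires rule set version 1.3 (taken from the "DRS1.3" in the title), the hash is a Base64-encoded 32-byte digest (inferred from the length of the sample value above), and the names `jnlp_checksums`, `parse_version` and `RuleSetError` are hypothetical.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

MIN_VERSION = (1, 3)  # assumption: jnlp-checksum needs rule set version 1.3
DIGEST_LEN = 32       # assumption: hash is a Base64-encoded 32-byte digest

class RuleSetError(Exception):
    """Any malformed rule set; the caller must block, never fall through."""

def parse_version(text):
    try:
        major, minor = (text or "").rstrip("+").split(".")  # "1.3" or "1.3+"
        return int(major), int(minor)
    except ValueError:
        raise RuleSetError(f"bad ruleset version: {text!r}")

def jnlp_checksums(xml_text):
    """Return the decoded digest of every <jnlp-checksum>, or raise."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise RuleSetError(f"not well-formed: {exc}")
    elems = list(root.iter("jnlp-checksum"))
    if elems and parse_version(root.get("version")) < MIN_VERSION:
        raise RuleSetError("jnlp-checksum is not allowed before version 1.3")
    digests = []
    for elem in elems:
        if set(elem.attrib) - {"hash"}:
            raise RuleSetError(f"unexpected attributes: {sorted(elem.attrib)}")
        value = elem.get("hash")
        if not value:
            raise RuleSetError("missing or empty hash attribute")
        try:
            digest = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            raise RuleSetError(f"hash is not valid Base64: {value!r}")
        if len(digest) != DIGEST_LEN:
            raise RuleSetError(f"hash decodes to {len(digest)} bytes")
        digests.append(digest)
    return digests

if __name__ == "__main__":
    # Constructed sample: the attribute is named "abc" instead of "hash".
    bad = '<ruleset version="1.3+"><rule><id><jnlp-checksum abc="AAAA"/></id></rule></ruleset>'
    try:
        jnlp_checksums(bad)
    except RuleSetError as exc:
        print("blocked:", exc)
```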


                People

                Assignee:
                herrick Andy Herrick (Inactive)
                Reporter:
                wenjyang Crystal Yang (Inactive)