Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4381193

Firefly:Security Tests for LiveConnect throw SecurityException about signer info

    XMLWordPrintable

    Details

    • Subcomponent:
    • CPU:
      generic, x86
    • OS:
      generic, windows_2000

      Description


      Tested with jdk1.3.0_01 fcs3 on WinNT Japanese, RedHatLinux6.2, Solaris8 IA and Sparc.

      Some security Test cases for LiveConnect sometimes throw SecurityException about signer infomation as below;

      java.lang.SecurityException: class "SA_US"'s signer information does not match signer information of other classes in the same package



      To reproecue;
      1. Insatall NS6 and jdk1.3.0_01 fcs version.
      2. Launch NS6 and go to the url blow;
      http://sqesvr.eng.sun.com/deployment1/ws/doc/proc/JPI_OJI.html
      3. Go to (#QL-4) Security Tests for LiveConnect and click Test case 6
      http://javaweb.eng.sun.com/~vmanda/oji/javasoft/security/pluginhtml/UA_US.html
      5. The result as below is got (ex. WinNT);
      User HOme is D:\WINNT\Profiles\administrator.000
      File not found ...
      TEST PASSED
      6. Then, click Test case 7
      http://javaweb.eng.sun.com/~vmanda/oji/javasoft/security/pluginhtml/SA_SCert_MJar.html
      8. Exception will be thrown as below;

      java.lang.SecurityException: class "SA_SCert_MJar"'s signer information does not match signer information of other classes in the same package
      at java.lang.ClassLoader.checkCerts(Unknown Source)^M
      at java.lang.ClassLoader.defineClass(Unknown Source)^M
      at java.security.SecureClassLoader.defineClass(Unknown Source)^M
      at java.net.URLClassLoader.defineClass(Unknown Source)^M
      at java.net.URLClassLoader.access$100(Unknown Source)^M
      at java.net.URLClassLoader$1.run(Unknown Source)^M
      at java.security.AccessController.doPrivileged(Native Method)^M
      at java.net.URLClassLoader.findClass(Unknown Source)^M
      at sun.applet.AppletClassLoader.findClass(Unknown Source)^M
      at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)^M
      at java.lang.ClassLoader.loadClass(Unknown Source)^M
      at sun.applet.AppletClassLoader.loadClass(Unknown Source)^M
      at java.lang.ClassLoader.loadClass(Unknown Source)^M
      at sun.applet.AppletClassLoader.loadCode(Unknown Source)
      at sun.plugin.AppletViewer.createApplet(Unknown Source)^M
      at sun.applet.AppletPanel.runLoader(Unknown Source)^M
      at sun.applet.AppletPanel.run(Unknown Source)^M
      at java.lang.Thread.run(Unknown Source)^M

      java.lang.SecurityException: class "SA_SCert_MJar"'s signer information does not match signer information of other classes in the same package^M
      at java.lang.ClassLoader.checkCerts(Unknown Source)^M
      at java.lang.ClassLoader.defineClass(Unknown Source)^M
      at java.security.SecureClassLoader.defineClass(Unknown Source)^M
      at java.net.URLClassLoader.defineClass(Unknown Source)^M
      at java.net.URLClassLoader.access$100(Unknown Source)^M
      at java.net.URLClassLoader$1.run(Unknown Source)^M
      at java.security.AccessController.doPrivileged(Native Method)^M
      at java.net.URLClassLoader.findClass(Unknown Source)^M
      at sun.applet.AppletClassLoader.findClass(Unknown Source)^M
      at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)^M
      at java.lang.ClassLoader.loadClass(Unknown Source)^M
      at sun.applet.AppletClassLoader.loadClass(Unknown Source)^M
      at java.lang.ClassLoader.loadClass(Unknown Source)^M
      at sun.applet.AppletClassLoader.loadCode(Unknown Source)^M
      at sun.applet.AppletPanel.createApplet(Unknown Source)^M
      at sun.plugin.AppletViewer.createApplet(Unknown Source)^M
      at sun.applet.AppletPanel.runLoader(Unknown Source)^M
      at sun.applet.AppletPanel.run(Unknown Source)^M
      at java.lang.Thread.run(Unknown Source)^M


      However, Test case 7 does not always throw the exception.
      If Test case 7 is excuted without any applet's excution (ex. right after NS6 is launched), the PASSED result is got.
      Then, excuting Test case 6, it will throw the same kind of exception.

      With not only case 6 and 7, but also other cases the same phenomenon is somtimes seen.
      Please excute some cases of (#QL-4) Security Tests for LiveConnect to see the problem.


      ________________________________________________________________________________
      I would like to know how to get the signer infomation.
      Coluld you please let me know that?
      In this test case, SA_SCert_MJar_1.jar and SA_SCert_MJar_2.jar are used.
      I attach these two jar files to this report.

      miki.tokunaga@japan 2000-11-16
      ________________________________________________________________________________

      The situation is same as above.
      I have not got the knowlege about the signer information yet and
      can not add any more information now.
      However, this problem need to be investitaged.

      miki.tokunaga@japan 2001-01-10
      ________________________________________________________________________________




        Attachments

          Activity

            People

            Assignee:
            stanleyh Stanley Ho (Inactive)
            Reporter:
            mmtokunasunw Mtokunaga Mtokunaga (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: