Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6848574

REGRESSION:getCodeSigners()return null for a signed jar file

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Duplicate
    • Affects Version/s: 6u14
    • Fix Version/s: 6u18
    • Component/s: deploy
    • Labels:
    • Subcomponent:
    • CPU:
      x86
    • OS:
      windows_xp

      Description

      There is a fatal regression with Java Web Start 1.6.0_14.
      With Java Web Start 1.6.0_13 all is working. The method getClass().getProtectionDomain().getCodeSource().getCodeSigners() return
      null for a signed jar file with Java Web Start 1.6.0_14.
      The same code in an applet is working with Java 1.6.0_14.

      The attached signed sample jar file use the follow lines:

                  ProtectionDomain domain = getClass().getProtectionDomain();
                  System.err.println(domain);
                  System.err.println(domain.getCodeSource());
                  System.err.println(domain.getCodeSource().getCodeSigners());

      And it print the follow output:

      ProtectionDomain (http://dell28/HelpDesk/classes/DialogTest.jar <no signer certificates>)

       com.sun.jnlp.JNLPClassLoader@1dfafd1
       <no principals>
       java.security.Permissions@ca0115 (
       (java.net.SocketPermission dell28 connect,accept,resolve)
       (java.io.FilePermission C:\Users\Volker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4de16a24-296b297c read)
       (java.security.AllPermission <all permissions> <all actions>)
      )
      (http://dell28/HelpDesk/classes/DialogTest.jar <no signer certificates>)
      null
       
      You can see all permsision are granted which means the certificate was detected.
      But there is no certificate. Their application need the certificate to verify the
      access rights of self loaded jar files.

      The problem seems more critical, if a jnlp application has more as one signed jar file
      then it also does not run. See the log output below. They only have one certificat,
      so be sure the certificate is identical.

      logfile:

      Java Web Start 1.6.0_14

      Using JRE version 1.6.0_14-b08 Java HotSpot(TM) Client VM

      User home directory = C:\Dokumente und Einstellungen\Administrator

      ----------------------------------------------------
      c:?? clear console window
      f:?? finalize objects on finalization queue
      g:?? garbage collect
      h:?? display this help message
      m:?? print memory usage
      o:?? trigger logging
      p:?? reload proxy configuration
      q:?? hide console
      r:?? reload policy configuration
      s:?? dump system and deployment properties
      t:?? dump thread list
      v:?? dump thread stack
      0-5: set trace level to <n>

      ----------------------------------------------------

      Reading certificates from 121972 http://bln/HelpDesk7/classes/Dialog.jar | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52\49060774-6f46d447.idx

      Reading certificates from 31344 http://bln/HelpDesk7/classes/CC-Viewer.jar | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\ac1d2f7-1ffaf060.idx

      #### Java Web Start Error:
      #### JAR resources in JNLP file are not signed by same certificate

        Attachments

          Activity

            People

            • Assignee:
              igor Igor Nekrestyanov (Inactive)
              Reporter:
              tyao Ting-Yun Ingrid Yao (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: