Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8029788

Certificate validation - java.lang.ClassCastException

    Details

    • Subcomponent:
    • Resolved In Build:
      b122
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description


        It appears to be a regression in JRE8-b119 as signed applet failed to load due to certificate validation failure.
        The issue caused by java.lang.ClassCastException: com.sun.deploy.security.X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl

        The same applet loaded fine if using JRE8-b118

        *** Tested Configurations
        - x86 Win7
        - IE 9, FF 25 ,GC 31
        - jre 8-b118, b119

        *** Steps to reproduce:
        0) Install jre 8-b119
        1) Enable the certificate revocation checks by default
        2) Use any browser to load the signed test applet:
        http://www.oxygenxml.com/demo/AuthorDemoApplet/author-component-dita.html

        Wait for applet resources to download and at the end, if you see the certificate validation failed due to java.lang.ClassCastException: com.sun.deploy.security.X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl, the issue is reproducible

        The problem does not occur if using jre 8-b118

          Issue Links

            Activity

            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/68c31754f925
            User: vinnie
            Date: 2013-12-17 23:05:18 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/68c31754f925 User: vinnie Date: 2013-12-17 23:05:18 +0000
            Hide
            tyao Ting-Yun Ingrid Yao (Inactive) added a comment -
            Oralce Forms reported the same issue -

            Steps to Reproduce (be specific):

            1)Install the latest JDK8 Buld 120 on windows 7.

            2)Run the below given URL:-
            http://adc2180645.us.oracle.com:8888/forms/frmservlet.

            3)An application Blocked security warning is displayed as "Falied to validate certificate and the application will not be executed".On clicking More Information button you can see the below exception list:
            java.lang.ClassCastException: com.sun.deploy.security.X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl
            at sun.security.provider.certpath.OCSPResponse.verify(Unknown Source)
            at sun.security.provider.certpath.OCSP.check(Unknown Source)
            at sun.security.provider.certpath.OCSP.check(Unknown Source)
            at sun.security.provider.certpath.OCSP.check(Unknown Source)
            at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
            at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
            at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
            at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
            at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
            at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
            at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
            at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
            at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
            at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
            at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
            at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)


            4)On Clicking the OK button an application error is thrown which states that "User has denied the privileges to the code".Please refer attachment "JDK8_B120.jpg" attached with the same mail.

            Show
            tyao Ting-Yun Ingrid Yao (Inactive) added a comment - Oralce Forms reported the same issue - Steps to Reproduce (be specific): 1)Install the latest JDK8 Buld 120 on windows 7. 2)Run the below given URL:- http://adc2180645.us.oracle.com:8888/forms/frmservlet . 3)An application Blocked security warning is displayed as "Falied to validate certificate and the application will not be executed".On clicking More Information button you can see the below exception list: java.lang.ClassCastException: com.sun.deploy.security.X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl at sun.security.provider.certpath.OCSPResponse.verify(Unknown Source) at sun.security.provider.certpath.OCSP.check(Unknown Source) at sun.security.provider.certpath.OCSP.check(Unknown Source) at sun.security.provider.certpath.OCSP.check(Unknown Source) at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source) at com.sun.deploy.security.RevocationChecker.check(Unknown Source) at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source) at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source) at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source) at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source) at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) 4)On Clicking the OK button an application error is thrown which states that "User has denied the privileges to the code".Please refer attachment "JDK8_B120.jpg" attached with the same mail.
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/68c31754f925
            User: lana
            Date: 2013-12-24 18:59:06 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/68c31754f925 User: lana Date: 2013-12-24 18:59:06 +0000
            Hide
            zailiu Kevin Liu (Inactive) added a comment -
            java/security/cert/CertPathValidator/OCSP/ValidateUsingOCSPCache.java have passed since B122
            Show
            zailiu Kevin Liu (Inactive) added a comment - java/security/cert/CertPathValidator/OCSP/ValidateUsingOCSPCache.java have passed since B122
            Hide
            asakharu Aleksandr Sakharuk (Inactive) added a comment -
            RULE closed/java/security/cert/CertPathValidator/OCSP/ValidateUsingOCSPCache.java Exception java.lang.ClassCastException: X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl
            Show
            asakharu Aleksandr Sakharuk (Inactive) added a comment - RULE closed/java/security/cert/CertPathValidator/OCSP/ValidateUsingOCSPCache.java Exception java.lang.ClassCastException: X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl

              People

              • Assignee:
                vinnie Vincent Ryan
                Reporter:
                hungnguy Hung Nguyen (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: