Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8055179

Security Dialog for unsigned jnlp still different in jnlp Application case.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 8u20, 9
    • Fix Version/s: 8u40
    • Component/s: deploy
    • Environment:

      win7/x64/jre8u20-b25/jre9-b26

    • Subcomponent:
    • Resolved In Build:
      b06

      Backports

        Description

        According to comments in JDK-8014361, non-signed jnlp with insecure properties will not show warning prompt in attachment. And according to Andy, "greed upon changes were implemented under different bugs".
        But I still can reproduce this issue.
        Steps to reproduce:
        1. Import self signed ca self.valid.cert to have a valid trusted cert
        Open JCP -> Security -> Manage Certificates - Singer CA,import http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/lib/self.valid.cert
        2. Load non-signed jnlp with JAR properly signed:
        http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargsjarsign/jnlp/testsignedvmWrong.jnlp
        The property in jnlp are not correct.
        3. If a security warning with title "Security Warning" shows up and in more info dialog it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See attached jarsign.png

        Note:
        1. If all jar and jnlp are signed, app still failed with jre9-b26 and 8u20-b25 due to:
        java.lang.NullPointerException
          at com.sun.javaws.JnlpxArgs.execProgram(Unknown Source)
          at com.sun.javaws.Launcher.relaunch(Unknown Source)
          at com.sun.javaws.Launcher.prepareResources(Unknown Source)
          at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
          at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
          at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
          at com.sun.javaws.Launcher.launch(Unknown Source)
          at com.sun.javaws.Main.launchApp(Unknown Source)
          at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
          at com.sun.javaws.Main.access$000(Unknown Source)
          at com.sun.javaws.Main$1.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
        all signed test app: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testsignedvmWrong.jnlp
        But if run above all signed jnlp with 8u5-13, a fatal error dialog will show up instead of NPE. See attachment 8u5-wrong-property.png

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                herrick Andy Herrick (Inactive)
                Reporter:
                wenjyang Crystal Yang (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: