Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8060719

TrustDecider.checkMainJarManifest will fail for fx app with embedded certificate.

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b12
    • Verification:
      Verified

      Backports

        Description

        The packager generates a jnlp file with:
          <jfx:details>
             <jfx:certificate-path> ...
             </jfx:certificate-path>
          </jfx:details>
        in this case, the certificate is pre-verified (while the jars are downloaded) using a CodeSource that has this certificate but a location based on the jnlp file.

        The code in TrustDecider.checkMainJarManifest() assumes the CodeSource refers to a jar, and tries to open that jar to see if it has the main class, and if so if it has a permission manifest attribute.
        When the exception is caught from :
            new JarFile(ResourceProvider.get().getCachedResourceFilePath(cs.getLocation(), ver), false);
        a SecurityException is thrown, and the app is blocked for not having a permissions attribute.

        We need to recognize this situation and not block

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                herrick Andy Herrick (Inactive)
                Reporter:
                herrick Andy Herrick (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: