JDK-8145383

ESL app signed by expired cert with sandbox permissions is not blocked if main jar is blacklisted

    Details

    • Subcomponent:
    • Resolved In Build: b105
    • Verification: Verified

      Description

      ENV: win7/x86/jre9-b96
      Steps to reproduce:
      1. Add http://kgb.us.oracle.com:8080 to Exception Site List
      2. Copy http://kgb.us.oracle.com:8080/JawsESL/lib/blacklist to JRE_HOME/lib/security
      3. Load a jnlp that is expired-CA-signed and sandboxed:
      javaws http://kgb.us.oracle.com:8080/JawsESL/jnlp/testExpiredCASignedMFSandboxHello.jnlp
      4. The test URL matches an ESL entry but its jar is blacklisted
      5. If a security warning dialog saying "An unsigned application from the location below is requesting permission to run" shows up, then this bug is reproduced. See attachment b96.png
      Expected behavior: app should be blocked

      Note: no such issue with jre9-b95. See attachment b95.png

        Attachments

        1. b95.png (25 kB)
        2. b96.png (17 kB)

              People

              Assignee: herrick Andy Herrick (Inactive)
              Reporter: wenjyang Crystal Yang (Inactive)