Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8173632

Verification of Java Web Start Jar results in 'Unsigned resource' since Java 8 update 121

    Details

    • Subcomponent:
    • Introduced In Version:
    • CPU:
      x86_64
    • OS:
      windows_7

      Description

      FULL PRODUCT VERSION :
      java version "1.8.0_121"
      Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7601]
      Microsoft Windows [Version 10.0.14393]

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Before Testing:
      'javaws -uninstall' was called
      and Security Prompts were restored.

      A DESCRIPTION OF THE PROBLEM :
      Since updating to Java 8 update 121 our web start application fails with: 'Unsigned application requesting unrestricted access to the system'.
      And unsigned resource: 'syntheticaAddonsWithThemes-6.0.0.123104.jar'
      The same application worked with Java 8 update 111 and it is signed with a valid certificate using current algorithms.


      Verifying with Java 8 update 121 (instructions found in an Oracle Blog entry):
      jarsigner -verify -J-Djava.security.debug=jar syntheticaAddonsWithThemes-6.0.0.123104.jar >out.txt 2>&1

      Results in:
      jar verified.
      at the end.

      We have newer jar (syntheticaAddonsWithThemes-6.0.0.140843.jar) that was signed like the older one and it doesn't show that behavior. The only difference between the two Jars seems to be a slightly different META-INF/*.RSA File.

      REGRESSION. Last worked in version 8u111

      ADDITIONAL REGRESSION INFORMATION:
      java version "1.8.0_111"
      Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
      Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      We uploaded a small sample that fails at the verification step with Java 8 update 121:
      https://jre-tests.s3.amazonaws.com/not-working/webstart-notworking.jnlp

      The failing Jar is here:
      https://jre-tests.s3.amazonaws.com/not-working/clientlib/signed/syntheticaAddonsWithThemes-6.0.0.123104.jar

      To reproduce:
      1. Install Java 8 update 121
      2. Start the JNLP above.
      (it contains no Main method, so it won't execute anything and would fail afterwards)




      ----
      We also have a working sample for reference (but we don't know why one is working and one is not):
      JNLP: https://jre-tests.s3.amazonaws.com/working/webstart-working.jnlp
      JAR: https://jre-tests.s3.amazonaws.com/working/clientlib/signed/syntheticaAddonsWithThemes-6.0.0.140843.jar


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      We would expect following Java Web Start Dialog appear: "Do you want to run this application?"

      With the possibility to Click on the "Run" Button.
      (it contains no Main method, so it won't execute anything and would fail afterwards)
      The Main class in the JNLP is defined as "if.we.got.here.the.verification.was.successful.but.we.dont.get.here.with.java8.u121"
      ACTUAL -
      Dialog "Unable to launch the application" is shown.

      Screenshot taken on Windows 10:
      http://answers.axonivy.com/upfiles/java8-error-webstart.png


      And following Exception:

      JNLPException[category: Security Error : Exception: null : LaunchDesc:
      <jnlp spec="1.0+" xmlns:jfx="http://javafx.com" href="https://jre-tests.s3.amazonaws.com/not-working/webstart-notworking.jnlp">
        <information>
          <title>Not working Sample to demonstrate Webstart issue</title>
          <description>Not working Sample to demonstrate Webstart issue</description>
        </information>
        <resources>
          <j2se version="1.8+" initial-heap-size="64m" max-heap-size="512m"/>
          <jar href="https://jre-tests.s3.amazonaws.com/not-working/clientlib/signed/syntheticaAddonsWithThemes-6.0.0.123104.jar"/>
        </resources>
        <security>
          <all-permissions/>
        </security>
        <application-desc main-class="if.we.got.here.the.verification.was.successful.but.we.dont.get.here.with.java8.u121"/>
      </jnlp> ]
      at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
      at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
      at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
      at com.sun.javaws.Launcher.launch(Unknown Source)
      at com.sun.javaws.Main.launchApp(Unknown Source)
      at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
      at com.sun.javaws.Main.access$000(Unknown Source)
      at com.sun.javaws.Main$1.run(Unknown Source)
      at java.lang.Thread.run(Thread.java:745)

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      JNLPException[category: Security Error : Exception: null : LaunchDesc:
      <jnlp spec="1.0+" xmlns:jfx="http://javafx.com" href="https://jre-tests.s3.amazonaws.com/not-working/webstart-notworking.jnlp">
        <information>
          <title>Not working Sample to demonstrate Webstart issue</title>
          <description>Not working Sample to demonstrate Webstart issue</description>
        </information>
        <resources>
          <j2se version="1.8+" initial-heap-size="64m" max-heap-size="512m"/>
          <jar href="https://jre-tests.s3.amazonaws.com/not-working/clientlib/signed/syntheticaAddonsWithThemes-6.0.0.123104.jar"/>
        </resources>
        <security>
          <all-permissions/>
        </security>
        <application-desc main-class="if.we.got.here.the.verification.was.successful.but.we.dont.get.here.with.java8.u121"/>
      </jnlp> ]
      at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
      at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
      at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
      at com.sun.javaws.Launcher.launch(Unknown Source)
      at com.sun.javaws.Main.launchApp(Unknown Source)
      at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
      at com.sun.javaws.Main.access$000(Unknown Source)
      at com.sun.javaws.Main$1.run(Unknown Source)
      at java.lang.Thread.run(Thread.java:745)

      REPRODUCIBILITY :
      This bug can be reproduced always.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                alitvinov Anton Litvinov
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: