Bug ID: JDK-6182603 WebStart Certificate Presentation lacks Certificate fingerprint

Details
Type: Enhancement
Submit Date: 2004-10-21
Status: Resolved
Updated Date: 2010-04-04
Project Name: JDK
Resolved Date: 2005-03-16
Component: deploy
OS: solaris_9
Sub-Component: deployment_toolkit
CPU: sparc
Priority: P4
Resolution: Fixed
Affected Versions: 5.0
Fixed Versions:

Description
A DESCRIPTION OF THE REQUEST :
When Java WebStart initiates a signed Jar, or initiates an SSL session, it
may pop up a security warning dialog about the peer.  This warning dialog
provides some identity information drawn from the X.509 certificate, and
offers a button labeled "More Details".  If the user presses that button, a
certificate details window pops up.  The details window displays a fair
bit more information from the certificate, including subject DN, validity
interval, etc.  All of that is very good.  However, the details window does not
present the certificate 'fingerprint' or 'thumbprint'.  Those fields are often used for out-of-band verification of certificates, and are virtually impossible for a user to compute on their own.

JUSTIFICATION :
In cases where an application is using a self-signed or private certificate
for SSL or code signing, the usual PKI mechanisms for verifying the
certificate do not work.  In such cases, out-of-band verification using the
certificate fingerprint (MD5 of the cert) or thumbprint (SHA1 of the cert) can
be used.   For example, most web browsers will display the fingerprint for
a certificate in their 'Details' display.

Java 1.4.2 and Java 5.0 do not seem to have this capability.  That makes it
a little harder to work with any non-rooted X.509 certificates.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It would be nice if the Certificate Details window included either or both
fingerprints (MD5 or SHA1) as a selectable field.   I know that the fingerprint
is not part of the actual certificate, but it is very easy to compute and could
be very helpful in some cases.
ACTUAL -
The current Certificate Details window has the following fields:
Version, Serial Number, Signature algorithm, Issuer, Subject, Validity, and
Signature.
###@###.### 10/21/04 16:37 GMT

                                    

Comments
EVALUATION

This requests new functionality in the Java Web Start/Java Plug-in common CertificateDialog.  Changing category to java_deployment to reflect that this is common code.
###@###.### 10/21/04 21:30 GMT

As the submitter said, if you can provide us with sample code that generates the fingerprint or thumbprint, plus some screenshots from other browsers, that will be very helpful to us in adding this new feature.
###@###.### 2004-12-02 21:45:08 GMT

This bug has been putback into the b28 mustang release.

###@###.### 2005-03-03 16:12:47 GMT
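
The fingerprint computation the request describes (a digest over the certificate's encoded bytes), together with the out-of-band comparison it is meant to support, as an added example that is not part of the original report or of the JDK fix. The class name CertFingerprint and its command-line arguments (certificate file, optional expected SHA-1 value) are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical helper class, not JDK code.
public class CertFingerprint {
    // The fingerprint is a digest of the certificate's DER encoding, not a field inside it.
    static byte[] digest(X509Certificate cert, String algorithm) throws Exception {
        return MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
    }

    // Render as colon-separated upper-case hex pairs, the form a details dialog usually shows.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", bytes[i] & 0xFF));
        }
        return sb.toString();
    }

    // Parse a value received out of band: colons and whitespace ignored, either case accepted.
    static byte[] parseHex(String text) {
        String hex = text.replaceAll("[:\\s]", "");
        if (hex.isEmpty() || hex.length() % 2 != 0 || !hex.matches("[0-9a-fA-F]+"))
            throw new IllegalArgumentException("not a hex fingerprint: " + text);
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java CertFingerprint <cert.pem|cert.der> [expected-sha1]");
            System.exit(1);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {  // accepts PEM or DER input
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        byte[] sha1 = digest(cert, "SHA-1");
        System.out.println("Subject:            " + cert.getSubjectX500Principal().getName());
        System.out.println("MD5 fingerprint:    " + toHex(digest(cert, "MD5")));
        System.out.println("SHA-1 thumbprint:   " + toHex(sha1));
        if (args.length > 1) {  // compare against the value obtained out of band
            boolean match = MessageDigest.isEqual(sha1, parseHex(args[1]));
            System.out.println(match ? "Thumbprint matches." : "Thumbprint MISMATCH.");
            System.exit(match ? 0 : 2);
        }
    }
}
```

The digest functions take any algorithm name that MessageDigest supports, so the same code prints a SHA-256 fingerprint when called with "SHA-256".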
                                     