Bug ID: JDK-6783308 Browser certificates should not be loaded unless needed

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6	JDK 7
6u14 b02Fixed	7Fixed

Processing following JNLP file causes initialization of HTTPS handler that does load browser certificates
on startup (from static initializer).
However, there are no https connections created and certificates are not used.

<jnlp spec="1.0+" version="1.0.0" codebase="http://dl.javafx.com/" href="Decora__V1.0.0.jnlp">
<information>
<title>Effects Framework</title>
<vendor>Sun Microsystems, Inc.</vendor>
<homepage href="https://scenegraph-effects.dev.java.net/"/>
<offline-allowed/>
</information>
<security>
<all-permissions/>
</security>
<resources/>
<resources os="Windows" arch="x86">
<jar href="Decora-SSE__V1.0.0.jar" part="Decora" download="eager"/>
<nativelib href="Decora-SSE-natives-windows-i586__V1.0.0.jar" part="Decora" download="eager"/>
<jar href="Decora-HW__V1.0.0.jar" part="Decora" download="lazy"/>
<jar href="Decora-D3D__V1.0.0.jar" part="Decora" download="lazy"/>
<nativelib href="Decora-D3D-natives-windows-i586__V1.0.0.jar" part="Decora" download="lazy"/>
<jar href="Decora-OGL__V1.0.0.jar" part="Decora" download="lazy"/>
<extension name="jogl" href="jogl.jnlp" version="1.1.1">
<ext-download ext-part="jogl" download="lazy"/>
</extension>
</resources>
<resources os="Mac OS X">
<jar href="Decora-SSE__V1.0.0.jar" part="Decora" download="eager"/>
<nativelib href="Decora-SSE-natives-macosx__V1.0.0.jar" part="Decora" download="eager"/>
</resources>
<resources os="Linux">
<jar href="Decora-HW__V1.0.0.jar" part="Decora" download="lazy"/>
<jar href="Decora-OGL__V1.0.0.jar" part="Decora" download="lazy"/>
<extension name="jogl" href="jogl.jnlp" version="1.1.1">
<ext-download ext-part="jogl" download="lazy"/>
</extension>
</resources>
<component-desc/>
</jnlp>

EVALUATION Test results for tentative fix show ~2% improvement on minimal FX applications. Note that app_jws_swing and app_swing had not show any significant change and this is fine as they do not use FX extensions. ============================================================================== logs/app_fx_test: Benchmark Samples Mean Stdev Geomean Weight startup2 10 1745.49 13.90 app_fx_app 10 3717.10 17.28 0.25 app_fx_jws 10 2306.20 60.09 0.25 app_jws_swing 10 1615.60 10.91 0.25 app_swing 10 670.40 4.72 0.25 ============================================================================== logs/app_fx_test.new: Benchmark Samples Mean Stdev %Diff P Significant startup2 10 1722.72 7.81 1.30 0.000 Yes app_fx_app 10 3643.80 17.76 1.97 0.000 Yes app_fx_jws 10 2220.30 23.97 3.72 0.001 Yes app_jws_swing 10 1620.40 16.39 -0.30 0.452 * app_swing 10 671.90 0.32 -0.22 0.342 * ============================================================================== * - Not Significant: A non-zero %Diff for the mean could be noise. If the %Diff is 0, an actual difference may still exist. In either case, more samples would be needed to detect an actual difference in sample means.

10-12-2008

EVALUATION Initialization of https handler happens because JNLP file mentions https URL in the homepage tag. One obvious thing to fix is that we should delay loading certificates until first connection is created. However, we probably should not instantiate https handler at all as homepage attribute is not really needed to start webstart application. Perhaps parsing XML descriptor we can be more lazy.

10-12-2008