United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6913898 Need providing user friendly message when encounting exception for pre-trusted certificate
JDK-6913898 : Need providing user friendly message when encounting exception for pre-trusted certificate

Details
Type:
Bug
Submit Date:
2010-01-04
Status:
Closed
Updated Date:
2010-09-16
Project Name:
JDK
Resolved Date:
2010-06-01
Component:
deploy
OS:
windows_nt
Sub-Component:
deployment_toolkit
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
6u18
Fixed Versions:
6u21 (b01)

Related Reports
Backport:

Sub Tasks

Description
When customer is running a Java store application, sometimes you will get this exception:

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: java.io.IOException: Response is unreliable: its validity interval is out-of-date
    at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
    at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.launch(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: java.io.IOException: Response is unreliable: its validity interval is out-of-date
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
    at java.security.cert.CertPathValidator.validate(Unknown Source)
    ... 16 more
Caused by: java.io.IOException: Response is unreliable: its validity interval is out-of-date
    at sun.security.provider.certpath.OCSPResponse$SingleResponse.<init>(Unknown Source)
    at sun.security.provider.certpath.OCSPResponse$SingleResponse.<init>(Unknown Source)
    at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
    at sun.security.provider.certpath.OCSPChecker.check(Unknown Source)
    ... 20 more

This is due to the system clock on user's machine doesn't setup correctly.

The Java store application is signed by Sun pre-trusted certificate, which is going to check revocation OCSP by default, if the system clock isn't setup correctly, it will throw the above exception occasionally.

                                    

Comments
EVALUATION

We should provide more meanningful user friendly message to user for this kind of issue, the current message is misleading.
                                     
2010-01-04



Hardware and Software, Engineered to Work Together