United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-8016771 7u25: warning dialogue still show up even all jar files are signed
JDK-8016771 : 7u25: warning dialogue still show up even all jar files are signed

Details
Type:
Bug
Submit Date:
2013-06-17
Status:
Closed
Updated Date:
2013-06-18
Project Name:
JDK
Resolved Date:
2013-06-18
Component:
deploy
OS:
windows_7
Sub-Component:
plugin
CPU:
x86
Priority:
P2
Resolution:
Not an Issue
Affected Versions:
7u25
Fixed Versions:

Related Reports

Sub Tasks

Description
Since 7u25, we are seeing a dialog that indicates that we are trying to load an unsigned application. This is confusing because all the applet jars are signed properly and have been for years. 

The dialog does not indicate what exactly it is complaining about, and so have no idea what the problem is. The Applet is signed, all the jars within the applet are signed, and yet the dialog says something is not signed. Clicking ???More information??? does not help, there is just some text about unsigned applications, but unable to determine what component is being referenced here.
 
Warning:
This jar contains unsigned entries which have not been integrity-checked.


This jar with unsigned entries is getting loaded fine with 7u21 (which is incorrect and is a bug in 7u21) but with 7u25-b15 due to recent security fixes , we have following behavior

1) blocked at default high level
basic: exception: Your security settings have blocked a local application from running.
com.sun.deploy.security.BlockedException: Your security settings have blocked a local application from running

2) When slider is set to MEDIUM, then we allow to load it but we are showing extra unsigned warning dialog (ideally in this case also we should have blocked it)

Same applet fails to load when try to run as JNLP applet (same behavior with medium/high settings)
    at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
    at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
    at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)
    at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
basic: exception: JAR resources in JNLP file are not signed by same certificate. 


                                    

Comments
Solution:  index.list must be signed

With 7u21 signed jars were allowed to be loaded without any unsigned warning if they contain unsigned index.list entry but this is not true anymore with 7u25. 

With 7u25 an extra unsigned warning message is shown if the jars are signing the jars first and then try to add index entries inside it. 
This issue can be resolved if changing the build routine:
   1) Create all index entries first; index.list 
   2) Then try to sign all the jars

                                     
2013-06-17



Hardware and Software, Engineered to Work Together