JDK-8030990 : Cannot start applet signed with VeriSign certificate
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 8
  • Priority: P2
  • Status: Resolved
  • Resolution: Duplicate
  • OS: windows_7
  • Submitted: 2013-12-20
  • Updated: 2014-01-06
  • Resolved: 2014-01-06
Related Reports
Duplicate :  
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.8.0-ea"
Java(TM) SE Runtime Environment (build 1.8.0-ea-b120)
Java HotSpot(TM) Client VM (build 25.0-b62, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
Cannot start applet signed with VeriSign certificate. An error message dialog is displayed:
Caption:
   Application Blocked for Security
Text:
   Failed to validate certificate.
   The application will not be executed.

Some certificate details:

Version: V3
Signature Algorithm: [SHA1withRSA]
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,
 OU=Terms of use at https://www.verisign.com/rpa (c)10,
 OU=VeriSign Trust Network,
 O="VeriSign, Inc.",
 C=US
Validity: [From: Thu Aug 29 02:00:00 CEST 2013,
 To: Sun Aug 30 01:59:59 CEST 2015]


REGRESSION.  Last worked in version 7u45

ADDITIONAL REGRESSION INFORMATION:
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) Client VM (build 24.45-b08, mixed mode, sharing)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try starting an applet signed with a VeriSign class 3 certificate

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Normal applet start
ACTUAL -
Applet start fails with an error message dialog

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Error Message dialog
Caption:
   Application Blocked for Security
Text:
   Failed to validate certificate.
   The application will not be executed.

More Information... ->

java.lang.ClassCastException: com.sun.deploy.security.X509CertificateWrapper cannot be cast to sun.security.x509.X509CertImpl
at sun.security.provider.certpath.OCSPResponse.verify(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)


REPRODUCIBILITY :
This bug can be reproduced always.
Comments
duplicate of JDK-8029788 (fixed in b122)
06-01-2014

Cannot reproduce on JDK8-b122 nightly from Dec 31st.
31-12-2013

To be verified as a duplicate using JDK 8-b122.
31-12-2013

This is a dup of https://bugs.openjdk.java.net/browse/JDK-8029788
24-12-2013

This also happens on Mac running verify java from https://java.com/en/download/installed.jsp?detect=jre)
24-12-2013

JI Review: Verisign cert/applet issue. Apparent regression from 7u45 to 8.
24-12-2013