JDK-8035421 : Unexpeced multi-click dialog shows up when doing ocsp and crl check for Javafx application
  • Type: Bug
  • Component: deploy
  • Sub-Component: javafx
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2014-02-20
  • Updated: 2014-03-26
  • Resolved: 2014-02-21
Related Reports
Duplicate :  
JDK-8028691 - loading browser proxy via config script should not trigger JAR download
Description
Steps to reproduce:
1. Open JCP->Advanced->"Check for certificate revocation using":  Check "Both CRLs and OCSP" 
2. Set "Auto-detect proxy settings for this network" or Automatic proxy configuration URL: http://wpad.us.oracle.com/wpad.dat
3. Launch singed FX application: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXOcspAndCrlCheck/html/testSoftFailAccessRevocation_JNLP.html
4. There will be a multi-click waring dialog shown up saying "Unable to ensure the certificate used to identify this application has not been revoked"
5. Accept this multi-click dialog
6 A valid security warning dialog with title "Security Information" will show up.
7 Accept it. The fx app will fail get loaded with "ClassNotFound" exception.

Expected behavior: A valid security warning dialog will show up directly after load the fx app and no multi-click dialog

Note:
1. Set a single, specific proxy, etc cn-proxy,jp.oracle.com:80, app will get loaded successfully. 
2. Disable OCSP and CRL check form JCP, app will get loaded successfully
3. It works fine for applet, jnlp applet, jnlp and javafx applet
applet:  http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/OcspAndCrlCheck/html/testSoftFailAccessRevocation.html
jnlp applet:http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/OcspAndCrlCheck/html/testSoftFailAccessRevocation_JNLP.html
jnlp: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/JawsOcspAndCrlCheck/jnlp/testSoftFailAccessRevocationJNLP.jnlp
javafx applet: http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/FXOcspAndCrlCheck/html/testSoftFailAccessRevocation.html
Comments
From the stack trace, I believe this is duplicate of 8028691. This is already fixed in 9 client and I cannot reproduce the bug with 9 client nightly builds. security: Revocation Status Unknown com.sun.deploy.security.RevocationChecker$StatusUnknownException: Certificate does not specify OCSP responder at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source) at com.sun.deploy.security.RevocationChecker.check(Unknown Source) at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source) at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source) at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source) at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source) at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.access$000(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$1.next(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$1.hasMoreElements(Unknown Source) at java.net.URLClassLoader$3$1.run(Unknown Source) at java.net.URLClassLoader$3$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader$3.next(Unknown Source) at java.net.URLClassLoader$3.hasMoreElements(Unknown Source) at sun.misc.CompoundEnumeration.next(Unknown Source) at sun.misc.CompoundEnumeration.hasMoreElements(Unknown Source) at sun.misc.CompoundEnumeration.next(Unknown Source) at sun.misc.CompoundEnumeration.hasMoreElements(Unknown Source) at java.util.ServiceLoader$LazyIterator.hasNextService(Unknown Source) at java.util.ServiceLoader$LazyIterator.access$600(Unknown Source) at java.util.ServiceLoader$LazyIterator$1.run(Unknown Source) at java.util.ServiceLoader$LazyIterator$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.util.ServiceLoader$LazyIterator.hasNext(Unknown Source) at java.util.ServiceLoader$1.hasNext(Unknown Source) at javax.script.ScriptEngineManager.initEngines(Unknown Source) at javax.script.ScriptEngineManager.access$000(Unknown Source) at javax.script.ScriptEngineManager$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.script.ScriptEngineManager.init(Unknown Source) at javax.script.ScriptEngineManager.<init>(Unknown Source) at com.sun.deploy.net.proxy.SunAutoProxyHandler.getProxyInfo(Unknown Source) at com.sun.deploy.net.proxy.DynamicProxyManager.getProxyList(Unknown Source) at com.sun.deploy.net.proxy.DeployProxySelector.select(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source) at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source) at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source) at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source) at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source) at com.sun.deploy.cache.DeployCacheHandler.get(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.security.provider.certpath.URICertStore.engineGetCRLs(Unknown Source) at java.security.cert.CertStore.getCRLs(Unknown Source) at sun.security.provider.certpath.DistributionPointFetcher.getCRL(Unknown Source) at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source) at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source) at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source) at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source) at com.sun.deploy.security.RevocationChecker.check(Unknown Source) at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source) at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source) at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source) at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source) at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source) at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source) at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source) at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source) ... 100 more
21-02-2014