JDK-8042124 : fix to JDK-8033756 is incomplete
  • Type: Bug
  • Component: deploy
  • Affected Version: 8u5,8u11,8u20,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-04-29
  • Updated: 2014-10-14
  • Resolved: 2014-05-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u71Fixed 8u20 b15Fixed 9Fixed
When a signed extension is loaded after RDF has allowed the main app to run without dialog, and we see that the extension is signed by the same cert as the main app we allowed to run, we compare the base of the extension with the base stored in the extensions lap.
However, in most cases the base has been stored in the main app's lap, not the extensions base, so the compare fails and we show the extension dialog.
We should store both the cert fingerprint and the base together in the AC (just like we store both the cert and base in the CertStore when dialog is presented for main app), and then we need to compare base of extension with base stored in AC, not base stored in lap.
Verified ok with 8u20 b17

webrev: http://oklahoma.us.oracle.com/www/webrevs/aherrick/1.9.0/8042124/deploy/webrev/

Affected tests: associationScenarios/testDesktopShortcutMultiExtensionJNLP

Steps to reproduce: 1 Make sure you can access to internet or just disable OCSP and CRL check from JCP 2 Load a jnlp that contains 3 extensions: javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/associationca/html/MultiExtTest.jnlp <resources> <j2se version="1.6+"/> <jar href="../lib/TestMain.jar"/> <extension href="ext1.jnlp"/> <extension href="ext2.jnlp"/> <extension href="ext3.jnlp"/> </resources> 3 All jar files including main jar(TestMain.jar), extension jar files(test1.jar, test2.jar, test3.jar) are singed with the same valid trusted cert. 4 A valid security warning dialog will show up. Accept it. 5 Close test app 6 A desktop shortcut will be created on desktop 7 Load test app from shortcut(or just load the same jnlp again) 8 If a security warning dialog with "Install" button shows up, then this issue is reproduced.