JDK-8046501 : DRS - cert based run rule doesn't work when running offline
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 7u60
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86
  • Submitted: 2014-06-09
  • Updated: 2015-06-03
  • Resolved: 2014-09-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u40 b09Fixed 9Fixed
Related Reports
Duplicate :  
JDK-8078893 - cert based run rule doesn't work when running offline
Description
FULL PRODUCT VERSION :
java version "1.7.0_60"
Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
Java HotSpot(TM) Client VM (build 24.60-b09, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
My Java webstart application has <offline-allowed/> in the jnlp file.
The SHA256 hash of my certificate is listed in the DeploymentRuleSet.jar with <action permission="run" />
The webstart application is served from another computer in the local workgroup.
When the server computer is available the deployment rules are matched and applied as expected and the application runs with no warnings or prompts. When the server is not available and the application is started offline the certificate rule does not match and any default rule is applied. If no default rule a prompt appears asking "Do you want to run this application?" After hitting "more information" and "view certificate details" the fingerprints match the certificate that is trusted in the DeploymentRuleSet.jar


REPRODUCIBILITY :
This bug can be reproduced always.
Comments
webrev: http://oklahoma.us.oracle.com/www/webrevs/aherrick/1.9.0/8046501/deploy/webrev/ manual testcase: http://oklahoma.us.oracle.com/www/tests/1.9.0/8046501/ Crucible: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-490
15-09-2014
The problem can be reproduced (in slightly different way) by running http://oklahoma.us.oracle.com/www/tests/1.9.0/8046501/helloa.jnlp in offline mode (with the DRS cert based run rule for hello.jar). The problem is caused by FailedDownloadException from: at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)^M at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)^M at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)^M at com.sun.deploy.ref.CodeRef.getCodeSigners(Unknown Source)^M at com.sun.deploy.security.ruleset.RuleId.contains(Unknown Source) The two arg call to getResource() at com.sun.deploy.model.ResourceProvider calls ResourceProviderImpl with download=true. 1.) If you are in offline mode, no connection should be attempted. 2.) If you are not in offline mode but connection fails, and offline-allowed is set in jnlp file, this exception should be swallowed
08-09-2014