JDK-8077380 : JNLPSigning exception when signed jnlp is launched from local tomcat server
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 8u60,9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-04-10
  • Updated: 2016-01-14
  • Resolved: 2015-07-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
8u72Fixed 9 b78Fixed
Related Reports
Relates :  
Product(s) tested: jre 8u60 b09
OS/architecture: Windows x64/64
Reproducible: Always
Is it a Regression: Yes
	Tested with 8u45 and test worked fine
Is it a platform specific issue: No

Steps to reproduce:  
1. Clear webstart cache with javaws -uninstall
2. Add http://stt-13.ru.oracle.com to exception site list
3. Launch javaws http://stt-13.ru.oracle.com/newroot/testsuites/180_user_ws/aluht/JDF/EmbeddedCertificates/jnlp/testEmbedcert_normal_signedjar_signedjnlp.jnlp
4. The application gets launched successfully
5. To launch the same application from local tomcat, please download the following zip.
6. Unzip the file and deploy the contained EmbeddedCertificates folder to tomcat. Restart tomcat.
7. Launch the application locally using

   When the application is launched from local tomcat, webstart throws JNLP Signing error.
	JNLPSigningException[Failed to validate signing of launch file. The signed version does not match the downloaded version.]
		at com.sun.javaws.jnl.LaunchDesc.checkSigningTemplate(Unknown Source)
		at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedLaunchDescHelper(Unknown Source)
		at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedLaunchDesc(Unknown Source)
		at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedLaunchDesc(Unknown Source)
		at com.sun.javaws.Launcher.prepareResources(Unknown Source)
		at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
		at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
		at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
		at com.sun.javaws.Launcher.launch(Unknown Source)
		at com.sun.javaws.Main.launchApp(Unknown Source)
		at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
		at com.sun.javaws.Main.access$000(Unknown Source)
		at com.sun.javaws.Main$1.run(Unknown Source)
		at java.lang.Thread.run(Unknown Source)
Note: Please find the jnlp from tomcat launch and remote launch attached. The files differ in newline and space characters.

Changeset: afa1be7ee076 Author: stayer Date: 2015-07-24 17:43 +0300 URL: http://closedjdk.us.oracle.com/jdk9/client/deploy/rev/afa1be7ee076

Crucible review: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-1224

Vivek, what build was the issue introduced in? Is the problem reproducible with non-local tomcat?

Defer justification: It's a P3 reproducible only with tomcat server on localhost. Good enough to defer it.

I need more instructions how to run tomcat. I use simple python http server instead: uzip the EmbeddedCertificates.zip and run: $ python -m SimpleHTTPServer 8080 Then $ javaws -uninstall $ javaws Of course should be added to ESL. And I can observe the same behavior as from http://stt-13.ru.oracle.com Setting to incomplete until more information is provided.

I can't fully reproduce this issue on Linux x64 8u60b13 because remote (from stt-13) and local launches end with the following exception: java.lang.ClassNotFoundException: deploy.sqe.drivers.ResultSender at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at EmbededCertificate.setResult(Unknown Source) at EmbededCertificate.<init>(Unknown Source) at EmbededCertificate.main(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at com.sun.javaws.Launcher.executeApplication(Unknown Source) at com.sun.javaws.Launcher.executeMainClass(Unknown Source) at com.sun.javaws.Launcher.doLaunchApp(Unknown Source) at com.sun.javaws.Launcher.run(Unknown Source) at java.lang.Thread.run(Thread.java:745)