JDK-8179351 : Starting a correctly signed application working well with pre-8u121 fails
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 8u121
  • Priority: P3
  • Status: Closed
  • Resolution: Incomplete
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2017-04-24
  • Updated: 2017-06-14
  • Resolved: 2017-05-19
Description
FULL PRODUCT VERSION :
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

Problem still exists in that version

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
I can no longer start a properly signed Webstart application beginning with 8u121 (the bug is still in 8u131) because of an "Unsigned Resource found in JAR" exception.
The application is signed using Java 8u111.

It is exactly the behaviour described in this bug-report: https://bugs.openjdk.java.net/browse/JDK-8173632

But I don't understand why it is considered not an issue, as the file mentioned is created by the jarsigner.

Webstart applications signed using the current JDK 8u131 (or 8u121) mostly don't run on older Java versions, and sporadically not even on the same JDK they were signed with (repeating the signing multiple times helps).



REGRESSION.  Last worked in version 8u111

ADDITIONAL REGRESSION INFORMATION: 
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Sign an application using 8u111 and run it using 8u121 or later.

The bug-report mentioned in the description provides a running application as test case.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Application should start.
ACTUAL -
Application fails due to an Unsigned Resource in JAR claim.

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Don't use the mentioned versions (we are still on 8u111 as our signing process is automated and we need to support many different Java versions).


Comments
Closing this as incomplete as we didn't receive any response from the submitter. If we receive an update in the future, we may reopen this report.
14-06-2017

Sent an email to the submitter requesting additional information: "Please provide a complete stack trace or a test case for us to evaluate this better. We also suggest you go through this release note, http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html and let us know if this clarifies the concern you have around "Unsigned Resource found in JAR" exception. There is a likelihood that the application has a JAR file that is considered as unsigned because the cert file from JAR couldn't be parsed and the execution appeared as a result of additional security check introduced by the fix in JDK-8168714. However this can only be confirmed if we have additional information as requested".
19-05-2017

This could be expected behaviour from 8u121, as "More checks added to DER encoding parsing code", which is also properly explained in JDK-8173632. This scenario has already been covered in the 8u121 release notes - http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html
26-04-2017
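
Added example (not part of this bug report and not JDK code): the comments above attribute the error to stricter DER parsing of the signature/certificate file inside the JAR, so this Python diagnostic lists the signature block files under META-INF/ and flags length encodings that BER allows but DER forbids. The page does not list which encodings 8u121 rejects; the two checks here (indefinite length, non-minimal length) and the names `der_issues`, `scan_jar` and `make_sample_jar` are assumptions for illustration, and the sample JAR is constructed.

```python
import io
import zipfile

SIG_EXT = (".RSA", ".DSA", ".EC")  # signature block files under META-INF/

def der_issues(buf, base=0):
    """Walk the TLVs in buf; return [(offset, problem)] for lengths DER forbids."""
    issues, i = [], 0
    while i < len(buf):
        start, tag, i = i, buf[i], i + 1
        if tag & 0x1F == 0x1F:               # high-tag-number form: skip tag bytes
            while i < len(buf) and buf[i] & 0x80:
                i += 1
            i += 1
        if i >= len(buf):
            return issues + [(base + start, "truncated header")]
        first, i = buf[i], i + 1
        if first == 0x80:                    # BER-only; value cannot be delimited
            return issues + [(base + start, "indefinite length")]
        length = first
        if first & 0x80:                     # long form: next n bytes hold the length
            raw = buf[i:i + (first & 0x7F)]
            if len(raw) < (first & 0x7F):
                return issues + [(base + start, "truncated header")]
            length = int.from_bytes(raw, "big")
            i += len(raw)
            if length < 0x80 or raw[0] == 0:
                issues.append((base + start, "non-minimal length"))
        if i + length > len(buf):
            return issues + [(base + start, "length exceeds data")]
        if tag & 0x20:                       # constructed: check the nested TLVs
            issues += der_issues(buf[i:i + length], base + i)
        i += length
    return issues

def scan_jar(jar_bytes):
    """Map each META-INF signature block file to its list of DER issues."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return {n: der_issues(zf.read(n)) for n in zf.namelist()
                if n.upper().startswith("META-INF/") and n.upper().endswith(SIG_EXT)}

def make_sample_jar():  # constructed sample: stand-in blocks, not real PKCS#7 data
    blobs = {"META-INF/GOOD.RSA": "3003020101", "META-INF/INDEF.RSA": "30800201010000",
             "META-INF/LAX.DSA": "308103020101", "app/Main.class": "cafebabe"}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, hexdata in blobs.items():
            zf.writestr(name, bytes.fromhex(hexdata))
    return out.getvalue()
```

To check a real artifact, pass the JAR's bytes to `scan_jar`; an empty list for every signature block means neither of the two assumed encoding problems is present.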