JDK-8139323 : JNLPSignedResourcesHelperTest shows regression caused by JDK-8129600
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 7u95,8u72,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-10-09
  • Updated: 2017-07-27
  • Resolved: 2015-10-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u101Fixed 8u72Fixed 9 b89Fixed
JDK-8129600 caused a regression causing any javafx application with an embedded certificate in it's jnlp file to fail.
The problem is we use the warmupVerifier on the cert embedded in the jnlp file, which can result in calling into TrustDecider to grant trust to the embedded cert before the jar using that cert has even been downloaded.
This will now fail due to the addition of the code in TrustDecider to enusre all entries in the jar are signed by the given cert.  In this case there is no real jar yet.

Verified with jre9-b179 on win7/x86/IE11

Assuming we want to keep the embedded certificate functionality, we need to fix the regression with changeset in : crucible review: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-1416

the regression was ported to 8u72 and 7u95 (see JDK-8129600) The problem this fix causes is that when JavaFX app has jnlp file with an embedded certificate, we will now fail to verify the embedded certificate and throw Exception. Though this use case is not real common, the FX Packager used to package jnlp applications using an embedded certificate, so there will be deployed applications with this problem. therefore I see that this is 8u72 and 7u95 critical-watch.