FULL PRODUCT VERSION : java version "1.8.0_144" Java(TM) SE Runtime Environment (build 1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode) ADDITIONAL OS VERSION INFORMATION : Microsoft Windows [Version 6.1.7601] A DESCRIPTION OF THE PROBLEM : When launching an applet with either Java 8u141 or 8u144, the following warning appeared the Java console (tracing enabled): security: The certificate has expired, need to check timestamping info security: Timestamping info is available security: The certificate has expired, and is timestamped in valid period security: Start checking TSA certificate path security: Even though certificate has expired, it is timestamped in valid period and has valid TSA There is no warning when running with Java 8u131. REGRESSION. Last worked in version 8u131 STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : 1. Install either Java 8u144 or 8u141 2. Switch java console on 3. access https://docs.oracle.com/javase/tutorial/deployment/applet/getStarted.html 4. If you see the following log in java console, then the issue is reproduced: =============== security: The certificate has expired, need to check timestamping info security: Timestamping info is available security: The certificate has expired, and is timestamped in valid period security: Start checking TSA certificate path security: Even though certificate has expired, it is timestamped in valid period and has valid TSA =============== EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - No warning should appear in the console log ACTUAL - This warning appear in the console log: security: The certificate has expired, need to check timestamping info security: Timestamping info is available security: The certificate has expired, and is timestamped in valid period security: Start checking TSA certificate path security: Even though certificate has expired, it is timestamped in valid period and has valid TSA ERROR MESSAGES/STACK TRACES THAT OCCUR : Java Plug-in 11.144.2.01 x86 Using JRE version 1.8.0_144-b01 Java HotSpot(TM) Client VM User home directory = C:\Users\u8011207 ---------------------------------------------------- c: clear console window f: finalize objects on finalization queue g: garbage collect h: display this help message l: dump classloader list m: print memory usage o: trigger logging q: hide console r: reload policy configuration s: dump system and deployment properties t: dump thread list v: dump thread stack x: clear classloader cache 0-5: set trace level to <n> ---------------------------------------------------- network: Created version ID: 1.5.0 network: Created version ID: 1.8.0 network: Created version ID: 1.8.0.144 network: Created version ID: 1.8 network: Created version ID: 1.8.0.144 network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null] network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null] network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null] security: Accessing keys and certificate in Mozilla user profile: null security: JSS is not configured network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre1.8.0_144/lib/ext/sunec.jar, version: null] network: Connecting https://java.com/ga/applet/verify/JavaDetection_applet.jnlp with proxy=DIRECT network: Connecting http://java.com:443/ with proxy=DIRECT security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts security: Obtain certificate collection in SSL Root CA certificate store security: Obtain certificate collection in SSL Root CA certificate store security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store security: Loaded blacklisted.certs file: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs security: SHA-256Certificate finger print: 1928D783912AAB3DCB75BBF704FDA1A57D058CDC0D27ECF41F60CCBEB9B83E77 security: SHA-256Certificate finger print: 663636C03FD0B5B171F2B04407C3DF767B349C8A990D87CE485898166E2B5120 security: Checking if SSL certificate is in Deployment permanent certificate store security: Obtain certificate collection in SSL Root CA certificate store security: Obtain certificate collection in SSL Root CA certificate store security: Obtain certificate collection in SSL Root CA certificate store security: Obtain certificate collection in SSL Root CA certificate store security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store network: Connecting http://s.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080 security: OCSP Response: GOOD network: Connecting http://rd.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080 security: OCSP Response: GOOD security: Saving certificates in Deployment session certificate store security: Saved certificates in Deployment session certificate store network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre1.8.0_144/lib/ext/sunjce_provider.jar, version: null] network: Connecting https://java.com/ga/applet/verify/JavaDetection_applet.jnlp with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA" network: ResponseCode for https://java.com/ga/applet/verify/JavaDetection_applet.jnlp : 200 network: Encoding for https://java.com/ga/applet/verify/JavaDetection_applet.jnlp : null network: Server response: (length: 605, lastModified: Sat Aug 20 19:35:04 ICT 2016, downloadVersion: null, mimeType: application/x-java-jnlp-file) network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null] network: Downloading resource: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp Content-Length: 605 Content-Encoding: null network: Wrote URL https://java.com/ga/applet/verify/JavaDetection_applet.jnlp to File C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\39ba0a44-4ca39e36-temp network: Disconnect connection to https://java.com/ga/applet/verify/JavaDetection_applet.jnlp network: Cache: Enable a new CacheEntry: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp network: Downloaded https://java.com/ga/applet/verify/JavaDetection_applet.jnlp: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\39ba0a44-4ca39e36 cache: Adding MemoryCache entry: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@646cbf35: 1 cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@646cbf35: 2 basic: XMLParser with _source: <?xml version="1.0" encoding="UTF-8"?> <jnlp href="JavaDetection_applet.jnlp" spec="1.0+"> <information> <title>Java Detection</title> <vendor>Oracle Inc.</vendor> </information> <resources> <!-- Application Resources --> <j2se version="1.6+"/> <jar href="JavaDetection.jar" /> </resources> <security> <all-permissions /> </security> <applet-desc name="Java Detection Applet" main-class="JavaDetection" width="1" height="1"> </applet-desc> <update check="background"/> </jnlp> network: Created version ID: 1.6+ network: Created version ID: 1.9 temp: returning LaunchDesc from XMLFormat.parse(): <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp"> <information> <title>Java Detection</title> <vendor>Oracle Inc.</vendor> <homepage href="null"/> </information> <security> <all-permissions/> </security> <update check="background" policy="always"/> <resources> <java version="1.6+"/> <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/> </resources> <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/> </jnlp> network: Created version ID: 1.6+ network: Created version ID: 1.8 network: Created version ID: 1.5.0 network: Created version ID: 1.8.0 network: Created version ID: 1.8.0.144 network: Created version ID: 1.8 network: Created version ID: 1.8.0.144 network: Created version ID: 1.6+ network: Created version ID: 1.8 network: Created version ID: 1.5.0 network: Created version ID: 1.8.0 network: Created version ID: 1.8.0.144 network: Created version ID: 1.8 network: Created version ID: 1.8.0.144 network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null] basic: Plugin2ClassLoader.addURL2 called for https://java.com/ga/applet/verify/JavaDetection.jar basic: Plugin2ClassLoader.drainPendingURLs addURL called for https://java.com/ga/applet/verify/JavaDetection.jar network: LaunchDownload: concurrent downloads from LD: 4 network: Total size to download: -1 security: Security check for progress jars: allSigned=true network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null] network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null] network: Connecting https://java.com/ga/applet/verify/JavaDetection.jar with proxy=DIRECT network: Connecting https://java.com/ga/applet/verify/JavaDetection.jar with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA" network: Cache entry not found [url: https://java.com/ga/im/applet/verify_anim.gif, version: null] network: Connecting https://java.com/ga/im/applet/verify_anim.gif with proxy=DIRECT network: Connecting http://java.com:443/ with proxy=DIRECT network: ResponseCode for https://java.com/ga/applet/verify/JavaDetection.jar : 200 network: Encoding for https://java.com/ga/applet/verify/JavaDetection.jar : null network: Server response: (length: 8505, lastModified: Sat Aug 20 19:35:04 ICT 2016, downloadVersion: null, mimeType: unknown) network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null] network: Downloading resource: https://java.com/ga/applet/verify/JavaDetection.jar Content-Length: 8,505 Content-Encoding: null network: Wrote URL https://java.com/ga/applet/verify/JavaDetection.jar to File C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0-temp network: Disconnect connection to https://java.com/ga/applet/verify/JavaDetection.jar security: Blacklist revocation check is enabled security: blacklist: created: NEED_LOAD, lastModified: 1501130102856 security: blacklist: check contains iBywVX7zLRzWhyAtYNcb7IDgZcQpGDUYfCnLqaKA8So=, state now NEED_LOAD security: blacklist: loadCache security: blacklist: not found in cache security: Trusted libraries list check is enabled security: Trusted libraries list file not found cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false} network: Cache: Enable a new CacheEntry: https://java.com/ga/applet/verify/JavaDetection.jar network: Connecting https://java.com/ga/im/applet/verify_anim.gif with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA" network: Downloaded https://java.com/ga/applet/verify/JavaDetection.jar: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0 cache: Adding MemoryCache entry: https://java.com/ga/applet/verify/JavaDetection.jar cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 1 network: Download Progress: jarsDone: 1 network: Created version ID: 1.6+ network: Created version ID: 1.8 network: Created version ID: 1.5.0 network: Created version ID: 1.8.0 network: Created version ID: 1.8.0.144 network: Created version ID: 1.8 network: Created version ID: 1.8.0.144 network: Created version ID: 1.6+ network: Created version ID: 1.8 basic: LaunchDesc.selectJRE( returning selected jre: JREInfo for index 3: platform is: 1.8 product is: 1.8.0_144 location is: http://java.sun.com/products/autodl/j2se path is: C:\Program Files (x86)\Java\jre1.8.0_144\bin\javaw.exe args is: -Ddeployment.trace=true -Ddeployment.trace.level=all native platform is: Windows, x86 [ x86, 32bit ] JavaFX runtime is: JavaFX 1.8.0_144 at: C:\Program Files (x86)\Java\jre1.8.0_144\lib\ext\ enabled is: true registered is: true system is: true basic: LaunchDesc location: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp security: --- parseCommandLine converted : -Ddeployment.trace=true -Ddeployment.trace.level=all into: [-Ddeployment.trace=true, -Ddeployment.trace.level=all] network: Created version ID: 1.0+ network: Created version ID: 8.20 cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 2 basic: XMLParser with _source: <?xml version="1.0" encoding="UTF-8"?> <jnlp href="JavaDetection_applet.jnlp" spec="1.0+"> <information> <title>Java Detection</title> <vendor>Oracle Inc.</vendor> </information> <resources> <!-- Application Resources --> <j2se version="1.6+"/> <jar href="JavaDetection.jar" /> </resources> <security> <all-permissions /> </security> <applet-desc name="Java Detection Applet" main-class="JavaDetection" width="1" height="1"> </applet-desc> <update check="background"/> </jnlp> network: Created version ID: 1.6+ network: Created version ID: 1.9 temp: returning LaunchDesc from XMLFormat.parse(): <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp"> <information> <title>Java Detection</title> <vendor>Oracle Inc.</vendor> <homepage href="null"/> </information> <security> <all-permissions/> </security> <update check="background" policy="always"/> <resources> <java version="1.6+"/> <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/> </resources> <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/> </jnlp> security: Downloaded JNLP file: security: <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp"> <information> <title>Java Detection</title> <vendor>Oracle Inc.</vendor> <homepage href="null"/> </information> <security> <all-permissions/> </security> <update check="background" policy="always"/> <resources> <java version="1.6+"/> <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/> </resources> <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/> </jnlp> security: Signed JNLP file: security: <jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp"> <information> <title>Java Detection</title> <vendor>Oracle Inc.</vendor> <homepage href="null"/> </information> <security> <all-permissions/> </security> <update check="background" policy="always"/> <resources> <java version="1.6+"/> <jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/> </resources> <applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/> </jnlp> cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 3 security: Validating cached jar url=https://java.com/ga/applet/verify/JavaDetection.jar ffile=C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0 com.sun.deploy.cache.CachedJarFile@113071c security: Istrusted: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp false security: Loading Deployment certificates from C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs security: Loaded Deployment certificates from C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store security: Loading certificates from Deployment session certificate store security: Loaded certificates from Deployment session certificate store security: Validate the certificate chain using CertPath API security: The certificate has expired, need to check timestamping info security: Timestamping info is available security: The certificate has expired, and is timestamped in valid period security: Start checking TSA certificate path security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts security: Obtain certificate collection in Root CA certificate store security: Obtain certificate collection in Root CA certificate store security: Obtain certificate collection in Root CA certificate store security: Obtain certificate collection in Root CA certificate store security: Even though certificate has expired, it is timestamped in valid period and has valid TSA security: SHA-256Certificate finger print: 5184FC1E50375F7FF3BE8F0E847759111918604DFE3CEAF1D22BA20DE1C193E1 security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689 security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305 security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305 security: The OCSP support is enabled security: The CRL support is enabled network: Cache entry not found [url: https://java.com/ga/im/applet/verify_anim.gif, version: null] network: Connecting https://java.com/ga/im/applet/verify_anim.gif with proxy=DIRECT network: Connecting https://java.com/ga/im/applet/verify_anim.gif with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA" network: CleanupThread used 428008 us network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080 security: OCSP Response: GOOD network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080 security: OCSP Response: GOOD network: Connecting http://sf.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080 security: OCSP Response: GOOD security: Certificate validation succeeded using OCSP/CRL security: Saving certificates in Deployment session certificate store security: Saved certificates in Deployment session certificate store security: Verifying permission attribute in main jar: https://java.com/ga/applet/verify/JavaDetection.jar network: Created version ID: 1.8.0.144 network: Created version ID: 1.8.0.141 basic: Dialog type is not candidate for embedding REPRODUCIBILITY : This bug can be reproduced always.
|