JDK-8185498 : Console log shows that cert is expired (but TSA valid) although no certs in chain is expired.
- Type: Bug
- Component: deploy
- Sub-Component: plugin
- Affected Version: 8u141
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: windows_7
- CPU: x86_64
- Submitted: 2017-07-27
- Updated: 2018-05-14
- Resolved: 2017-08-17
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 10 | JDK 8 |
|---|---|
10 b23Fixed  |
8u172Fixed |
Description
FULL PRODUCT VERSION :
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
When launching an applet with either Java 8u141 or 8u144, the following warning appeared the Java console (tracing enabled):
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: Start checking TSA certificate path
security: Even though certificate has expired, it is timestamped in valid period and has valid TSA
There is no warning when running with Java 8u131.
REGRESSION. Last worked in version 8u131
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Install either Java 8u144 or 8u141
2. Switch java console on
3. access https://docs.oracle.com/javase/tutorial/deployment/applet/getStarted.html
4. If you see the following log in java console, then the issue is reproduced:
===============
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: Start checking TSA certificate path
security: Even though certificate has expired, it is timestamped in valid period and has valid TSA
===============
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No warning should appear in the console log
ACTUAL -
This warning appear in the console log:
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: Start checking TSA certificate path
security: Even though certificate has expired, it is timestamped in valid period and has valid TSA
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java Plug-in 11.144.2.01 x86
Using JRE version 1.8.0_144-b01 Java HotSpot(TM) Client VM
User home directory = C:\Users\u8011207
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
network: Created version ID: 1.5.0
network: Created version ID: 1.8.0
network: Created version ID: 1.8.0.144
network: Created version ID: 1.8
network: Created version ID: 1.8.0.144
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre1.8.0_144/lib/ext/sunec.jar, version: null]
network: Connecting https://java.com/ga/applet/verify/JavaDetection_applet.jnlp with proxy=DIRECT
network: Connecting http://java.com:443/ with proxy=DIRECT
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loaded blacklisted.certs file: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: 1928D783912AAB3DCB75BBF704FDA1A57D058CDC0D27ECF41F60CCBEB9B83E77
security: SHA-256Certificate finger print: 663636C03FD0B5B171F2B04407C3DF767B349C8A990D87CE485898166E2B5120
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
network: Connecting http://s.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
security: OCSP Response: GOOD
network: Connecting http://rd.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
security: OCSP Response: GOOD
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre1.8.0_144/lib/ext/sunjce_provider.jar, version: null]
network: Connecting https://java.com/ga/applet/verify/JavaDetection_applet.jnlp with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
network: ResponseCode for https://java.com/ga/applet/verify/JavaDetection_applet.jnlp : 200
network: Encoding for https://java.com/ga/applet/verify/JavaDetection_applet.jnlp : null
network: Server response: (length: 605, lastModified: Sat Aug 20 19:35:04 ICT 2016, downloadVersion: null, mimeType: application/x-java-jnlp-file)
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp, version: null]
network: Downloading resource: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
Content-Length: 605
Content-Encoding: null
network: Wrote URL https://java.com/ga/applet/verify/JavaDetection_applet.jnlp to File C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\39ba0a44-4ca39e36-temp
network: Disconnect connection to https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
network: Cache: Enable a new CacheEntry: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
network: Downloaded https://java.com/ga/applet/verify/JavaDetection_applet.jnlp: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\39ba0a44-4ca39e36
cache: Adding MemoryCache entry: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@646cbf35: 1
cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@646cbf35: 2
basic: XMLParser with _source:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp href="JavaDetection_applet.jnlp" spec="1.0+">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
</information>
<resources>
<!-- Application Resources -->
<j2se version="1.6+"/>
<jar href="JavaDetection.jar" />
</resources>
<security>
<all-permissions />
</security>
<applet-desc
name="Java Detection Applet"
main-class="JavaDetection"
width="1"
height="1">
</applet-desc>
<update check="background"/>
</jnlp>
network: Created version ID: 1.6+
network: Created version ID: 1.9
temp: returning LaunchDesc from XMLFormat.parse():
<jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="background" policy="always"/>
<resources>
<java version="1.6+"/>
<jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
</resources>
<applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
</jnlp>
network: Created version ID: 1.6+
network: Created version ID: 1.8
network: Created version ID: 1.5.0
network: Created version ID: 1.8.0
network: Created version ID: 1.8.0.144
network: Created version ID: 1.8
network: Created version ID: 1.8.0.144
network: Created version ID: 1.6+
network: Created version ID: 1.8
network: Created version ID: 1.5.0
network: Created version ID: 1.8.0
network: Created version ID: 1.8.0.144
network: Created version ID: 1.8
network: Created version ID: 1.8.0.144
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
basic: Plugin2ClassLoader.addURL2 called for https://java.com/ga/applet/verify/JavaDetection.jar
basic: Plugin2ClassLoader.drainPendingURLs addURL called for https://java.com/ga/applet/verify/JavaDetection.jar
network: LaunchDownload: concurrent downloads from LD: 4
network: Total size to download: -1
security: Security check for progress jars: allSigned=true
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
network: Connecting https://java.com/ga/applet/verify/JavaDetection.jar with proxy=DIRECT
network: Connecting https://java.com/ga/applet/verify/JavaDetection.jar with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
network: Cache entry not found [url: https://java.com/ga/im/applet/verify_anim.gif, version: null]
network: Connecting https://java.com/ga/im/applet/verify_anim.gif with proxy=DIRECT
network: Connecting http://java.com:443/ with proxy=DIRECT
network: ResponseCode for https://java.com/ga/applet/verify/JavaDetection.jar : 200
network: Encoding for https://java.com/ga/applet/verify/JavaDetection.jar : null
network: Server response: (length: 8505, lastModified: Sat Aug 20 19:35:04 ICT 2016, downloadVersion: null, mimeType: unknown)
network: Cache entry not found [url: https://java.com/ga/applet/verify/JavaDetection.jar, version: null]
network: Downloading resource: https://java.com/ga/applet/verify/JavaDetection.jar
Content-Length: 8,505
Content-Encoding: null
network: Wrote URL https://java.com/ga/applet/verify/JavaDetection.jar to File C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0-temp
network: Disconnect connection to https://java.com/ga/applet/verify/JavaDetection.jar
security: Blacklist revocation check is enabled
security: blacklist: created: NEED_LOAD, lastModified: 1501130102856
security: blacklist: check contains iBywVX7zLRzWhyAtYNcb7IDgZcQpGDUYfCnLqaKA8So=, state now NEED_LOAD
security: blacklist: loadCache
security: blacklist: not found in cache
security: Trusted libraries list check is enabled
security: Trusted libraries list file not found
cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false}
network: Cache: Enable a new CacheEntry: https://java.com/ga/applet/verify/JavaDetection.jar
network: Connecting https://java.com/ga/im/applet/verify_anim.gif with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
network: Downloaded https://java.com/ga/applet/verify/JavaDetection.jar: C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0
cache: Adding MemoryCache entry: https://java.com/ga/applet/verify/JavaDetection.jar
cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 1
network: Download Progress: jarsDone: 1
network: Created version ID: 1.6+
network: Created version ID: 1.8
network: Created version ID: 1.5.0
network: Created version ID: 1.8.0
network: Created version ID: 1.8.0.144
network: Created version ID: 1.8
network: Created version ID: 1.8.0.144
network: Created version ID: 1.6+
network: Created version ID: 1.8
basic: LaunchDesc.selectJRE( returning selected jre: JREInfo for index 3:
platform is: 1.8
product is: 1.8.0_144
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre1.8.0_144\bin\javaw.exe
args is: -Ddeployment.trace=true -Ddeployment.trace.level=all
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 1.8.0_144 at: C:\Program Files (x86)\Java\jre1.8.0_144\lib\ext\
enabled is: true
registered is: true
system is: true
basic: LaunchDesc location: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp
security: --- parseCommandLine converted : -Ddeployment.trace=true -Ddeployment.trace.level=all
into:
[-Ddeployment.trace=true, -Ddeployment.trace.level=all]
network: Created version ID: 1.0+
network: Created version ID: 8.20
cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 2
basic: XMLParser with _source:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp href="JavaDetection_applet.jnlp" spec="1.0+">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
</information>
<resources>
<!-- Application Resources -->
<j2se version="1.6+"/>
<jar href="JavaDetection.jar" />
</resources>
<security>
<all-permissions />
</security>
<applet-desc
name="Java Detection Applet"
main-class="JavaDetection"
width="1"
height="1">
</applet-desc>
<update check="background"/>
</jnlp>
network: Created version ID: 1.6+
network: Created version ID: 1.9
temp: returning LaunchDesc from XMLFormat.parse():
<jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="background" policy="always"/>
<resources>
<java version="1.6+"/>
<jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
</resources>
<applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
</jnlp>
security: Downloaded JNLP file:
security:
<jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="background" policy="always"/>
<resources>
<java version="1.6+"/>
<jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
</resources>
<applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
</jnlp>
security: Signed JNLP file:
security:
<jnlp spec="1.0+" codebase="https://java.com/ga/applet/verify/" href="https://java.com/ga/applet/verify/JavaDetection_applet.jnlp">
<information>
<title>Java Detection</title>
<vendor>Oracle Inc.</vendor>
<homepage href="null"/>
</information>
<security>
<all-permissions/>
</security>
<update check="background" policy="always"/>
<resources>
<java version="1.6+"/>
<jar href="https://java.com/ga/applet/verify/JavaDetection.jar" download="eager" main="false"/>
</resources>
<applet-desc name="Java Detection Applet" main-class="JavaDetection" documentbase="https://java.com/zh_CN/download/installed.jsp?detect=jre" width="1" height="1"/>
</jnlp>
cache: registerReference: com.sun.deploy.cache.MemoryCache$CachedResourceReference@10f82945: 3
security: Validating cached jar url=https://java.com/ga/applet/verify/JavaDetection.jar ffile=C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2afc474c-3f9d96d0 com.sun.deploy.cache.CachedJarFile@113071c
security: Istrusted: https://java.com/ga/applet/verify/JavaDetection_applet.jnlp false
security: Loading Deployment certificates from C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loaded Deployment certificates from C:\Users\u8011207\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: Start checking TSA certificate path
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_144\lib\security\cacerts
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Even though certificate has expired, it is timestamped in valid period and has valid TSA
security: SHA-256Certificate finger print: 5184FC1E50375F7FF3BE8F0E847759111918604DFE3CEAF1D22BA20DE1C193E1
security: SHA-256Certificate finger print: 0CFC19DB681B014BFE3F23CB3A78B67208B4E3D8D7B6A7B1807F7CD6ECB2A54E
security: SHA-256Certificate finger print: 8420DFBE376F414BF4C0A81E6936D24CCC03F304835B86C7A39142FCA723A689
security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
security: SHA-256Certificate finger print: A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305
security: The OCSP support is enabled
security: The CRL support is enabled
network: Cache entry not found [url: https://java.com/ga/im/applet/verify_anim.gif, version: null]
network: Connecting https://java.com/ga/im/applet/verify_anim.gif with proxy=DIRECT
network: Connecting https://java.com/ga/im/applet/verify_anim.gif with cookie "ORA_FLEX_CACHE_KEY=desktop-firefox52-windows7-wow64; s_nr=1501130020361; s_cc=true; gpName=javac%3AVerify%3AInstalled_JRE_Homepage; gpChannel=javac%3AVerify; gpServer=java.com; s_sq=sunjava%3D%2526pid%253Djavac%25253AVerify%25253AInstalled_JRE_Homepage%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BagreedToTOU%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA"
network: CleanupThread used 428008 us
network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
security: OCSP Response: GOOD
network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
security: OCSP Response: GOOD
network: Connecting http://sf.symcd.com/ with proxy=HTTP @ internetproxy.int.thomsonreuters.com/10.23.30.131:8080
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
security: Verifying permission attribute in main jar: https://java.com/ga/applet/verify/JavaDetection.jar
network: Created version ID: 1.8.0.144
network: Created version ID: 1.8.0.141
basic: Dialog type is not candidate for embedding
REPRODUCIBILITY :
This bug can be reproduced always.
Comments
|