JDK-4683318 : Plug-in unable to load classes from a web server requiring a client certificate
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 1.4.0
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_nt
  • CPU: x86
  • Submitted: 2002-05-10
  • Updated: 2002-07-31
  • Resolved: 2002-07-31
Related Reports
Duplicate :  
Description

Name: gm110360			Date: 05/10/2002


FULL PRODUCT VERSION :
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)

FULL OPERATING SYSTEM VERSION :

Windows NT Version 4.0

ADDITIONAL OPERATING SYSTEMS :

Windows 2000 Professional

A DESCRIPTION OF THE PROBLEM :
I trying to deploy a applet that is hosted on a web server
that requires client certificates. The certificate is
imported into the browser and the browser can connect okay
on it's own. However, the plug-in can not seem to connect
to load the required class/jar files.

Since the default browser SSL stuff doesn't seem to work,
I'm trying to use plug-in JVM startup parameters to specify
the keystore and truststore files. Using
javax.net.debug=all. I can see that the keystore and
truststore are loaded and all certificates are found.
However, the plug-in does not seem to use the keystore
correctly because the server does not receive any client
certificates.

It looks like the Plug-in uses different protocol handling
packages than the regular JRE so that it can leverage the
browsers HTTPS implementation. I've noticed that these
packages don't seem to initialize the SSL context the same
way. At any rate, I don't get the same debugging traces.
Specifically, I never get the trace that ays the context
has been initialized. I was thinking that this may be
causing the client certificate problem.

I've tried to set the protocol handling packages manually
with a JVM startup-up parameter, but the plug-in ignores it
(the regular JRE does not). The plug-in always uses it's
own packages to load applet classfiles.

This seems to be a bootstrap phenomenon, because I can set
all of these system properties at runtime after the applet
begins execution. Unfortunately, I need the keystore to be
used when loading the applet class/jar files before my
applet begins execution.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1.Configure the web server to require client certs
2.Using keytool create a keystore with a client cert that
is trusted by the server.
3.Configure the Applet control panel to use the new keystore
4.Deploy an applet on the web server and try to load the
applet


EXPECTED VERSUS ACTUAL BEHAVIOR :
Expected: applet loads and runs.

Actual: receive class not found exception.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
keyStore is : C:\TEMP\ns.p12

keyStore type is : pkcs12

init keystore

init keymanager of type SunX509

found key for : test_cert

...

Thread-3, SEND SSL v3.0 ALERT:  warning, description = no_certificate

...

load: class CheckPlugInApplet.class not found.

java.lang.ClassNotFoundException: CheckPlugInApplet.class

	at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:151)

	at sun.plugin.security.PluginClassLoader.findClass
(PluginClassLoader.java:189)

	at java.lang.ClassLoader.loadClass(ClassLoader.java:306)

	at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:112)

	at java.lang.ClassLoader.loadClass(ClassLoader.java:262)

	at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:478)

	at sun.applet.AppletPanel.createApplet(AppletPanel.java:548)

	at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1621)

	at sun.applet.AppletPanel.runLoader(AppletPanel.java:477)

	at sun.applet.AppletPanel.run(AppletPanel.java:290)

	at java.lang.Thread.run(Thread.java:536)

Caused by: java.io.IOException: open HTTP connection failed.

	at sun.applet.AppletClassLoader.getBytes(AppletClassLoader.java:224)

	at sun.applet.AppletClassLoader.access$100(AppletClassLoader.java:40)

	at sun.applet.AppletClassLoader$1.run(AppletClassLoader.java:141)

	at java.security.AccessController.doPrivileged(Native Method)

	at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:138)

	... 10 more

java.lang.ClassNotFoundException: CheckPlugInApplet.class

	at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:151)

	at sun.plugin.security.PluginClassLoader.findClass
(PluginClassLoader.java:189)

	at java.lang.ClassLoader.loadClass(ClassLoader.java:306)

	at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:112)

	at java.lang.ClassLoader.loadClass(ClassLoader.java:262)

	at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:478)

	at sun.applet.AppletPanel.createApplet(AppletPanel.java:548)

	at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1621)

	at sun.applet.AppletPanel.runLoader(AppletPanel.java:477)

	at sun.applet.AppletPanel.run(AppletPanel.java:290)

	at java.lang.Thread.run(Thread.java:536)

Caused by: java.io.IOException: open HTTP connection failed.

	at sun.applet.AppletClassLoader.getBytes(AppletClassLoader.java:224)

	at sun.applet.AppletClassLoader.access$100(AppletClassLoader.java:40)

	at sun.applet.AppletClassLoader$1.run(AppletClassLoader.java:141)

	at java.security.AccessController.doPrivileged(Native Method)

	at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:138)

	... 10 more


This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Class loading problem, no source code required.
---------- END SOURCE ----------

CUSTOMER WORKAROUND :
None found yet.
(Review ID: 146286) 
======================================================================