United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: 7157778 NoSuchMethodException on NetscapeCertTypeExtension method get(String name)
7157778 : NoSuchMethodException on NetscapeCertTypeExtension method get(String name)

Details
Type:
Bug
Submit Date:
2012-03-29
Status:
Resolved
Updated Date:
2012-06-27
Project Name:
JDK
Resolved Date:
2012-06-27
Component:
deploy
OS:
generic
Sub-Component:
deployment_toolkit
CPU:
generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
8
Fixed Versions:
8

Related Reports
Backport:
JDK-2226288 - NoSuchMethodException on NetscapeCertTypeExtension method get(String name)

Sub Tasks

Description
Steps to reproduce:
1. make sure JRE 8 if present is disabled by using Java Control Panel.
2. run javaws http://nicole1.us.oracle.com:8080/JavawsMustangIntegTest/https/https_selfcert.jnlp

Will see application failed to launch with detail exception:
java.lang.NoSuchMethodError: sun.security.x509.NetscapeCertTypeExtension.get(Ljava/lang/String;)Ljava/lang/Boolean;
	at com.sun.deploy.security.CertUtils.getNetscapeCertTypeBit(CertUtils.java:334)
	at com.sun.deploy.security.DeployCertPathChecker.check(DeployCertPathChecker.java:95)
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.validator.Validator.validate(Validator.java:236)
	at sun.security.validator.Validator.validate(Validator.java:205)
	at com.sun.deploy.security.TrustDecider.validateChain(TrustDecider.java:596)
	at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:911)
	at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(AppPolicy.java:261)
	at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(JNLPSignedResourcesHelper.java:577)
	at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(JNLPSignedResourcesHelper.java:192)
	at com.sun.javaws.Launcher.prepareResources(Launcher.java:1558)
	at com.sun.javaws.Launcher.prepareAllResources(Launcher.java:872)
	at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:422)
	at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:259)
	at com.sun.javaws.Launcher.launch(Launcher.java:169)
	at com.sun.javaws.Main.launchApp(Main.java:529)
	at com.sun.javaws.Main.continueInSecureThread(Main.java:337)
	at com.sun.javaws.Main$1.run(Main.java:189)
	at java.lang.Thread.run(Thread.java:722)

Comments
EVALUATION

Incompatilbe change from JDK security library class:
http://hg.openjdk.java.net/jdk8/jdk8/jdk/diff/afb6f2370cd3/src/share/classes/sun/security/x509/NetscapeCertTypeExtension.java

This change represent signature change:
- public Object get(String name) throws IOException {
+ public Boolean get(String name) throws IOException {

With this change deploy.jar built with JDK8 not able to run with JRE 7 or earlier.
The only way to fix this in deployment code is to use reflection.  However, security team should (re)evaluate:
1. is the direct dependency from deploy to the security class NetscapeCertTypeExtension is valid.
2. if yes, then should this incompatible change be reverted.
3. if no, what are the options to fix now and future improvements.
2012-03-29


Hardware and Software, Engineered to Work Together