Java1.7.0u71可以';t加载1.7.0u67可以加载的小程序
我有一个签名的Java小程序,在v7u67中可以很好地加载,但在v7u71中它不再加载。此外,尽管JAR和Java1.7.0u71可以';t加载1.7.0u67可以加载的小程序,java,applet,signing,Java,Applet,Signing,我有一个签名的Java小程序,在v7u67中可以很好地加载,但在v7u71中它不再加载。此外,尽管JAR和标记非常相似,但小程序在本地机器上的测试服务器上的v7u71中仍然可以正常加载。在这两种情况下,网站都是通过HTTPS访问的(尽管测试服务器使用HTTPS的自签名证书) 完整的跟踪/调试日志可在中找到,并提供以下注释 security: Expected Main URL: https://popcornmanager.com/manager/grid.1.2.8e.jar basic: P
标记非常相似,但小程序在本地机器上的测试服务器上的v7u71中仍然可以正常加载。在这两种情况下,网站都是通过HTTPS访问的(尽管测试服务器使用HTTPS的自签名证书)
完整的跟踪/调试日志可在中找到,并提供以下注释
security: Expected Main URL: https://popcornmanager.com/manager/grid.1.2.8e.jar
basic: Plugin2ClassLoader.addURL parent called for https://popcornmanager.com/manager/grid.1.2.8e.jar
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
network: Cache entry not found [url: https://popcornmanager.com/manager/grid.1.2.8e.jar, version: null]
network: Connecting https://popcornmanager.com/manager/grid.1.2.8e.jar with proxy=DIRECT
network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunec.jar, version: null]
basic: Loading Java Applet ...
network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunjce_provider.jar, version: null]
network: Connecting http://popcornmanager.com:443/ with proxy=DIRECT
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Obtain certificate collection in SSL Root CA certificate store {x2}
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loaded blacklisted.certs file: D:\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: E0E41A12187A9196056D01CC1774D98FED57B0B6FD8A035C815C35073EB0A54B
security: SHA-256Certificate finger print: 09ED6E991FC3273D8FEA317D339C02041861973549CFA6E1558F411F11211AA3
security: SHA-256Certificate finger print: 18F8A7A151B4EC280898093DF5BD537CA099CC277405D0281DE0DADFD14420DA
security: SHA-256Certificate finger print: 58D017279CD4DC63ABDDB196A6C9906C30C4E08783EAE8C1609954D69355596B
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Obtain certificate collection in SSL Root CA certificate store {x4}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...
[try to load https://popcornmanager.com/manager/grid.1.2.8e.jar again]
[try to load https://popcornmanager.com/manager/com/popcornmanager/datagrid/DataGrid.class as above but doesn't throw an exception, twice]
java.lang.ClassNotFoundException: com.popcornmanager.datagrid.DataGrid
...
basic: load: class com.popcornmanager.datagrid.DataGrid not found.
java.lang.ClassNotFoundException: com.popcornmanager.datagrid.DataGrid
...
Ignored exception: java.lang.ClassNotFoundException: com.popcornmanager.datagrid.DataGrid
basic: Dialog type is not candidate for embedding
security: Reset deny session certificate store
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@764254
security: Reset deny session certificate store
根据Java的规则,某些证书似乎是无效的,但v7u67确实认为它是有效的。我不知道它是否是代码签名证书的HTTPS证书(两者都有效)。HTTPS通过了浏览器的验证测试
测试可在以下位置查看
我所研究的:
- 在Windows上尝试了Chrome、Firefox和IE,都显示出相同的症状
- 尝试了
和
标记,代码路径中有或没有.class
- 查看了更新中修复的所有bug,似乎没有一个能够解释这种行为变化
- 将Java安全设置设置为最小(“中等”),将站点添加到异常列表,并手动将HTTPS证书添加到Java证书中(看起来代码证书是在安全对话框中单击“记住”时自动添加的)
非常感谢上述匿名人士。这一次,我花了整整5个工作日来对付这个问题(每次他们更新我时,我都会与之抗争,试图找到一个解决方案,而不是回滚到一个非常旧的7u55 JRE!输出似乎表明问题出在代码签名证书而不是SSL证书上。您是否验证了代码签名证书的根CA在Java的已知CA列表中该列表在更新67和更新71之间更改。最终根CA是“AddTrust External CA root”,我可以在7u45和7u71根列表中找到它(没有立即可用的7u67).List正在使用。条目完全相同。是否有任何方法可以更好地确定导致问题的证书以及原因?我是否应该联系代码签名证书的颁发者(该证书仍然有效)?哎呀。我刚刚注意到您最上面的异常是一个SSLHandshakeException,这表明HTTPS证书存在问题,而不是代码签名证书。然而,我刚刚编写了一个小程序,将您的.jar提供给URLClassLoader和
classLoader.loadClass(“com.popcornmanager.datagrid.datagrid”)
使用Java 1.7.0_72对我来说效果非常好。我已经放弃了这一点。1.7.0_71/1.7.0_72仍然存在问题,但当天发布的Java 8(1.8.0_25)仍然有效,所以我建议大家改用Java 8。谢谢你的帮助。