我有一个签名的Java小程序,在v7u67中加载完全正常,但是v7u71不再加载。此外,虽然JAR和<object>
标签非常相似,但是我的测试服务器上的app7仍然可以在v7u71中正常加载。在这两种情况下,都使用HTTPS访问网站(尽管测试服务器使用HTTPS的自签名证书)。
完整的跟踪/调试日志位于http://pastebin.com/7JNavVVq,下面是悬崖笔记。
security: Expected Main URL: https://popcornmanager.com/manager/grid.1.2.8e.jar
basic: Plugin2ClassLoader.addURL parent called for https://popcornmanager.com/manager/grid.1.2.8e.jar
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
network: Cache entry not found [url: https://popcornmanager.com/manager/grid.1.2.8e.jar, version: null]
network: Connecting https://popcornmanager.com/manager/grid.1.2.8e.jar with proxy=DIRECT
network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunec.jar, version: null]
basic: Loading Java Applet ...
network: Cache entry not found [url: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunjce_provider.jar, version: null]
network: Connecting http://popcornmanager.com:443/ with proxy=DIRECT
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Obtain certificate collection in SSL Root CA certificate store {x2}
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loaded blacklisted.certs file: D:\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: E0E41A12187A9196056D01CC1774D98FED57B0B6FD8A035C815C35073EB0A54B
security: SHA-256Certificate finger print: 09ED6E991FC3273D8FEA317D339C02041861973549CFA6E1558F411F11211AA3
security: SHA-256Certificate finger print: 18F8A7A151B4EC280898093DF5BD537CA099CC277405D0281DE0DADFD14420DA
security: SHA-256Certificate finger print: 58D017279CD4DC63ABDDB196A6C9906C30C4E08783EAE8C1609954D69355596B
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Obtain certificate collection in SSL Root CA certificate store {x4}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...
[try to load https://popcornmanager.com/manager/grid.1.2.8e.jar again]
[try to load https://popcornmanager.com/manager/com/popcornmanager/datagrid/DataGrid.class as above but doesn't throw an exception, twice]
java.lang.ClassNotFoundException: com.popcornmanager.datagrid.DataGrid
...
basic: load: class com.popcornmanager.datagrid.DataGrid not found.
java.lang.ClassNotFoundException: com.popcornmanager.datagrid.DataGrid
...
Ignored exception: java.lang.ClassNotFoundException: com.popcornmanager.datagrid.DataGrid
basic: Dialog type is not candidate for embedding
security: Reset deny session certificate store
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@764254
security: Reset deny session certificate store
根据Java的规则,某些证书似乎无效,但v7u67确实认为它是有效的。我无法判断它是否是代码签名证书的HTTPS证书(两者都有效)。 HTTPS通过浏览器&#39;验证测试。
可以在https://popcornmanager.com/test/TestDataGrid.php看到测试。
我已经研究过:
<applet>
,尝试<object>
和.class
个标记。答案 0 :(得分:2)
查看您的JAVA高级设置面板设置并尝试检查TLS 1.0并取消选中TLS 1.1和TLS 1.2。
我一直在讨论一个问题,即我的雇主的IT人员将JAVA JRE 8 u92推送到我的开发机器,我无法再访问我们开发并存储在测试服务器上的应用程序。
这种情况每隔6到12个月发生在我身上好几年,我一直在卸载他们最新的JRE并重新安装版本7u55,这解决了这个问题。它开始的时候他们将我从7u55更新到7u71或72,这是我记忆中最好的。
这一次,我想继续调查并尝试一下,看看我是否能弄明白为什么它总是打破新的JRE。我曾经尝试过所有我能找到的东西,由多个人追溯到3年前发布的帖子,并且直到我看到Source Forge上的某个人的匿名帖子才开始工作。
我的设置已经检查了TLS 1.0,1.1和1.2。该人在理论上说,这应该是好的,服务器应该选择它想要的任何一个。但是简单地取消检查1.1和1.2让我恢复正常运行!
然而,仍然有一个很大的谜团。我仔细检查了一下,我的同事的笔记本电脑已经检查了TLS 1.0,1.1和1.2,并且她可以使用新的JRE 8u92更新运行我们的应用程序!她有相同的笔记本电脑型号,相同的操作系统,相同版本的IE11,相同版本的JAVA,JAVA面板中的所有相同设置(在修改我的TLS之前),IE中的相同设置,相同的可信站点等。我们没有理由认为其中一个人的行为与另一个人不同。 任何遇到类似问题的人都应该尝试在他们的JAVA高级设置面板中取消选中TLS1.1和1.2。 非常感谢上述匿名人士。这次我花了整整5个工作日与之斗争(每次他们更新我时都会与它斗争,试图找到一个解决方案,而不是回到一个非常古老的7u55 JRE!