Java applet pack200获取了CRL的gz版本

时间:2015-04-09 09:27:35

标签: java https applet

我有一个applet。有一个参数:-Djnlp.packEnabled,设置为true。当我调用applet时,会抛出异常:

security: Loaded certificates from Deployment session certificate store
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Connecting http://crl.certum.pl/ctnca.crl with proxy=DIRECT
network: Connecting http://crl.certum.pl:80/ with proxy=DIRECT
network: Connecting http://crl.certum.pl/ctnca.crl with cookie "__lc.visitor_id.1022046=S1428490531.71525d8539"
network: Downloading resource: http://crl.certum.pl/ctnca.crl
    Content-Length: 456
    Content-Encoding: pack200-gzip
ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key Revocation Status Unknown
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: Certificate does not specify OCSP responder
    at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
...
    Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.util.zip.ZipException: Not in GZIP format
        at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
        ... 74 more
    Caused by: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.util.zip.ZipException: Not in GZIP format
        at sun.security.provider.certpath.URICertStore.engineGetCRLs(Unknown Source)
        at java.security.cert.CertStore.getCRLs(Unknown Source)
        at sun.security.provider.certpath.DistributionPointFetcher.getCRL(Unknown Source)
        at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
        at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
        at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
        ... 75 more
    Caused by: java.util.zip.ZipException: Not in GZIP format
        at java.util.zip.GZIPInputStream.readHeader(Unknown Source)
        at java.util.zip.GZIPInputStream.<init>(Unknown Source)
        at java.util.zip.GZIPInputStream.<init>(Unknown Source)
        at com.sun.deploy.net.HttpDownloadHelper.download(Unknown Source)
        at com.sun.deploy.cache.Cache$6.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.deploy.cache.Cache.downloadResourceToCache(Unknown Source)
        at com.sun.deploy.cache.DeployFileOutputStream.close(Unknown Source)
        at java.io.FilterOutputStream.close(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.close(Unknown Source)
        ... 81 more
network: Connecting http://evca.ocsp.certum.pl/ with proxy=DIRECT
network: Connecting http://evca.ocsp.certum.pl:80/ with proxy=DIRECT
network: Connecting http://evca.ocsp.certum.pl/ with cookie "__lc.visitor_id.1022046=S1428490531.71525d8539"
security: OCSP Response: GOOD
security: Invalid certificate from HTTPS server

但是当我将pack200选项更改为false时,不会抛出异常并且验证正常。

security: Loaded certificates from Deployment session certificate store
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Connecting http://crl.certum.pl/ctnca.crl with proxy=DIRECT
network: Connecting http://crl.certum.pl:80/ with proxy=DIRECT
network: Connecting http://crl.certum.pl/ctnca.crl with cookie "__lc.visitor_id.1022046=S1428490531.71525d8539"
network: Downloading resource: http://crl.certum.pl/ctnca.crl
    Content-Length: 456
    Content-Encoding: null
network: Wrote URL http://crl.certum.pl/ctnca.crl to File C:\Users\artur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3073915a-57f574c8-temp
cache: Adding MemoryCache entry: http://crl.certum.pl/ctnca.crl
network: Connecting http://evca.ocsp.certum.pl/ with proxy=DIRECT
network: Connecting http://evca.ocsp.certum.pl:80/ with proxy=DIRECT
network: Connecting http://evca.ocsp.certum.pl/ with cookie "__lc.visitor_id.1022046=S1428490531.71525d8539"
security: OCSP Response: GOOD
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store

为什么服务器获得CRL的gzip版本?我认为参数pack200仅适用于applet本身。有没有解决方法?

0 个答案:

没有答案
相关问题
最新问题