[#JRA-6895] Applet missing certificate

JIRA

Applet missing certificate

Created: 03/Jun/05 07:18 AM Updated: 30/Jul/06 07:35 PM

Component/s:

Installation

Affects Version/s:

3.2

Fix Version/s:

3.2.1

Time Tracking:

Not Specified

File Attachments:

Doc1.doc (249 kB)
2.

screenshot.jar (13 kB)
3.

working applet.doc (116 kB)

Participants:	Anton Mazkovoi [Atlassian], Lars and Scott Farquhar [Atlassian]
Since last comment:	3 years, 25 weeks, 3 days ago
Resolution Date:	09/Jun/05 11:46 PM
Labels:

Description

« Hide

After upgrading to 3.2 we can no longer attach screenshots to issues.

We get the following error:

Did you forget to sign the applet?

I get the same error trying to attach at screenshot at jira.atlassian.com.

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Scott Farquhar [Atlassian] added a comment - 05/Jun/05 02:16 AM

Can you please let us know the exact browser version that you are running, and also the java version you are running?

Can you also verify on any other browser, and let us know how you go?

Cheers,
Scott

[ Permlink | « Hide ]

Lars added a comment - 05/Jun/05 02:51 AM

This is tested With Firefox 1.0.4 and Explorer 6.00.2900.2180.

JAVA tested: JDK 1.4x and 5.0 (1.5).

Regards,
Lars

[ Permlink | « Hide ]

Anton Mazkovoi [Atlassian] added a comment - 06/Jun/05 12:19 AM

Hi Lars,

We actually signed the applet with a 'proper' certificate, signed by Thawte.

The problem you are seeing seems very similar to the one described here:
http://segal.org/java/SigningTest2/index.html

There are also some forum threads on the subject:
http://forum.java.sun.com/thread.jspa?threadID=561995&tstart=210

Are you using the final release of JRE 1.5? The page claims that the problem is fixed in teh final release of 1.5.

Would you be able to test the applet on a machine where JRE 1.5 is not installed, and only the 1.4 JRE is. Does it work there?

Thanks,
Anton

[ Permlink | « Hide ]

Lars added a comment - 06/Jun/05 12:25 AM

Please see attached screenshot where signing works. This is from seagal.org. This is tested with the computer that JIRA fails on. So it must be your signing that fails.

I've tested it on a machine with JRS 1.4. This fails to.

[ Permlink | « Hide ]

Anton Mazkovoi [Atlassian] added a comment - 06/Jun/05 05:23 AM

Hi Lars,

I have reproduced the problem locally, but only with JDK 1.5. I had to remove JDK 1.5 from the system comletely to get the applet to work with JDK 1.4.

I believe the problem is described here:
http://www.codecomments.com/Java_Security/message499279.html

> The problem was due to the fact that I was signing the application with
> a certificate that wasn't suitable for code-signing. It was an SSL
> certificate (SSL certificates don't have code-signing extensions).

> You need to make sure you're signing your applet with a certificate that
> is suitable for code signing. Note that jarsigner in 1.4 and 1.5 will
> happily sign your code with an unsuitable certificate without indicating
> that there might be a problem. (They will both even verify that the jar
> has been signed.)

We do indeed sign the applet with a normal SSL certificate, which seems to be enough for JDK 1.4 but not 1.5.

We have put a request for the Code Signing Certificate. Hopefully it will arive in time for JIRA 3.2.1.

Thanks a lot for reporting the problem.

Anton

[ Permlink | « Hide ]

Anton Mazkovoi [Atlassian] added a comment - 06/Jun/05 05:34 AM

In the mean time please replace secure/applet/screenshot.jar with screenshot.jar attached to this issue and restart JIRA.

Please note that the attached screenshot.jar is not signed by an authorised certificate.

Thanks,
Anton

[ Permlink | « Hide ]

Lars added a comment - 06/Jun/05 01:30 PM

Anton,

Thank you. The attached jar solves the problem.

By the way, i was wrong in my previous comment. The problem only occurs with 1.5 not with 1.4.

Regards,
Lars

[ Permlink | « Hide ]

Anton Mazkovoi [Atlassian] added a comment - 09/Jun/05 11:46 PM

We purchased the Code Signing Certificate and it looks like it fixes the problem for JDK 1.5.