Our system admins have upgraded JJRE 1.8.0_341-b31 to 1.8.0_35 1-b31 post which we are unable to run the web-console version 6.10.41 Dollar. With upgraded JRE we get below exception:
JNLPException[category: Security Error : Exception: null : LaunchDesc:
....
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
Release : 6.10.41
Component: ADLRUN : DOLLAR UNIVERSE
The cause of the issue is that the upgrade package of JRE 1.8.0.351_b31 have disabled SHA-1 Signed JARs. Please refer the release notes of JRE8u351 for more details.
The jars of Univiewer WebConsole are signed by SHA-1 and henceforth resulting in error in java debug console.
ERROR: Unsigned application requesting unrestricted access to system
Unsigned resource: http://WEBCONSOLE_URL/uvc/jars/PubCommon.jar
Unsigned resource: http://WEBCONSOLE_URL/uvc/jars/PubClient.jar
Recommendation:
Interim Resolution
Follow below step to resolve the issue
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves, \
SHA1 denyAfter 2019-01-01
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves
To determine the algorithm used for signing jars can be done by running below command and looking for specific algorithm
JAR Algorithm Validation