After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.

Article Id: 6537

Status: Published

Updated On: 13-10-2019 11:44

Products:

CA Spectrum - OneClick , CA Spectrum - Reporting , CA Spectrum - Integrations , CA Spectrum - Alarms & Event Management

Issue/Introduction:

After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client. The following exceptions is thrown:

Error: Unsigned application requesting unrestricted access to system

The following resource is signed with a weak message digest algorithm MD5 and is treated as unsigned:

http://localhost/spectrum/lib/clienttopo.jar;no_javaws_cheat
http://localhost/spectrum/lib/contrib/clientslm.jar;no_javaws_cheat

The exception shows:

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Cause:

Oracle has updated their security policy announcing that JRE versions released starting with 1.8.0_131 in April 2017 will not trust MD5-signed jars. Please review the announcement for dates and JRE versions:

https://blogs.oracle.com/java-platform-group/entry/oracle_jre_will_no_longer
https://www.java.com/en/jre-jdk-cryptoroadmap.html

Environment:

Spectrum 9.4.4
Spectrum 10.0, 10.1.x

Resolution:

You need to either upgrade Spectrum to 10.2 or 10.2.1 or remove the md5 requirement for java jre on each client machine that upgrades to java 1.8.0_131 or greater:

In the java.security file (you may need to find this file, however it generally will be in a folder similar to):

C:\Program Files (x86)\Java\<jre version>\lib\security

Change this line to remove the MD5 entry:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

To this:

jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

Then relaunch the OneClick client.

Additional Information:

CA product advisory:

https://support.ca.com/phpdocs/7/7832/7832_oracle-jre_product-advisory-02022017.pdf