我们需要在Firefox 52.4.1(与Java Applet兼容的最新版本)和Internet Explorer 11上运行使用Java 8 Applet(生病)的旧Web应用程序。
applet基于Java 8,由Apache Tomcat服务器分发。 它是签名和混淆的(Proguard)。
用户使用智能卡通过SSL相互身份验证连接到网站(客户端需要PKCS11模块才能从智能卡获取证书)。 SSL相互身份验证也是使用Java Applet完成的。
所有证书都由在每个浏览器,Windows和Java证书库中添加的autority签名。
这里是HTML代码:
name='My Applet'
archive='../../../applet/myapplet.jar'
code='main.package.Main'
MAYSCRIPT="MAYSCRIPT">
它在IE 11上工作正常,而不是在Mozilla Firefox 52.4.1上工作。 两者都是相同的JRE。
在Mozilla Firefox 52.4.1上,我有一个Java异常:
java.lang.ClassNotFoundException: main.package.Main
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
在此异常之前,我有一个handshake failure exception :
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:205)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:71)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:109)
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
我认为Firefox无法从智能卡正确导入客户端证书。
编辑:Java控制台中还有另外两个有趣的行:
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
通过增加调试模式( -Djavax.net.debug=all ),我看到:
IE浏览器 :*** ServerHelloDone [read] MD5 and SHA1 hashes: len = 4 0000: 0E 00 00 00 .... ssl: KeyMgr: getting aliases: [XXXXXXX (verified: OK), YYYYYYYYYYYYYY] ssl: Ignoring alias XXXXXXX (1): key algorithm does not match ssl: Ignoring alias XXXXXXX: key algorithm does not match ssl: Ignoring alias XXXXXXX (2): key algorithm does not match ssl: KeyMgr: no matching alias found ssl: Ignoring alias XXXXXXX (1): key algorithm does not match ssl: Ignoring alias XXXXXXX: key algorithm does not match ssl: Ignoring alias XXXXXXX (2): key algorithm does not match ssl: KeyMgr: no matching alias found *** Certificate chain chain [0] = [ ...
火狐浏览器 :*** ServerHelloDone [read] MD5 and SHA1 hashes: len = 4 0000: 0E 00 00 00 .... Warning: no suitable certificate found - continuing without client authentication *** Certificate chain ***
我试过/检查了很多东西:
检查Firefox上是否正确安装了IAS_PKCS11模块:
使用或而不是 。
在Java配置中的高级安全性参数中尝试了很多组合
禁用一些安全检查(CRL等)。
编辑 :根据JDK-6975851 , JSS doc , NSS版本 ,我已经构建了基于NSS 3.28.3的JSS_4_4_20170313和带有VS2019 + Windows Kit 10工具和库,Java 8的NSPR 4.13.1 。我已经安装了DLL文件(jss4。 dz,libplc4.dll,libnspr4.dll,libplds4.dll)在Mozilla Firefox目录中,jss4.jar在jre_path / lib / ext目录中。 所有这些努力都没有成功...... :(
我真的需要帮助。
任何想法? (我无法将applet切换到另一件事 - 我没有这个选择)
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
