Hello Hussein, thanks for your answer.
I did read the docs and the XXE applet page at http://www.xmlmind.com/xmleditor/xxe_applet.html, as well as XXE limitations page at http://www.xmlmind.com/xmleditor/limitations.html, before writing my email, and since I didn't find anything relevant there, I decided to write you. Our certificate is still valid, and I can deploy the XXE5.3.0 applet using Java6 with it with no problems. I've done other tests today and I'd like to share the results with you, to possibly help other people still using Java6 and because I think there may be an issue deploying the XXE 5.4.0 applet with Java6. I've installed Java7u9 (latest version available as of today), re-run the same command to deploy the applet, using the same certificate, on the same machine, redeployed the resulting applet and it works OK, no certificate authentication warning (I've tested the applet with both the Java7 and the Java6 browser plugins). So, it seems that the Java6 version I was using does have some issue with XXE5.4.0's deploywebstart command. I was using Java6u33 on a 64 bit Linux system: fabman@mediaserver:~$ java -version java version "1.6.0_33" Java(TM) SE Runtime Environment (build 1.6.0_33-b04) Java HotSpot(TM) 64-Bit Server VM (build 20.8-b03, mixed mode) fabman@mediaserver:~$ I know it's not the latest one (the latest one is Java6u37), but it was the one available on that machine. I don't have time right now to test Java6u37, and I don't pretend you do that either. So, bottomline, at least on our machines (we've tested in more than one, with more than one version of Linux, both 32 and 64 bit), Java6 (probably its jarsigner program) cannot be used to generate an XXE5.4.0 applet signed with a certificate, because the browser warns you that the certificate is not valid when the applet is open. I hope this new information is helpful. Thanks again for your support. On Wed, Oct 17, 2012 at 5:35 AM, Hussein Shafie <[email protected]> wrote: > On 10/16/2012 08:54 PM, Fabián Mandelbaum wrote: >> >> Hello, >> >> we've deployed XXE 5.3.0 as an applet using the following command >> line, run from within the XXE 5.3 folder ready for deployment: >> >> ./bin/deploywebstart -jsapplet xxe -keystore ~/.keystore -storepass >> KEYSTORE_PASS -keypass KEY_PASS -alias ALIAS >> >> KEYSTORE_PASS, KEY_PASS, and ALIAS, of course replaced by the correct >> JKS keystore values. >> >> The applet works OK, no warning about a non-signed certificate shows up. >> >> Shortly after, XXE 5.4.0 came out so, we've prepared it for >> deployment, installing the same addons the XXE 5.3.0 deployment had, >> and then ran the same command line, to sign all jars with the same >> certificate to deploy on the same machine. >> >> The browser nows warns with a non-valid certificate each time XXE >> 5.4.0 applet is loaded. If we check the 'do not ask again' checkbox, >> of course the browser does not warn anymore, but we wonder what may be >> different between XXE 5.3 and XXE 5.4 > > > If you read: > > http://www.xmlmind.com/xmleditor/changes.html > > you'll see that we did nothing new related to applets. > > > > >> that now the same signing >> certificate valid for XXE 5.3 is not valid anymore (It states Editor >> UNKNOWN) for XXE 5.4. >> >> Thanks in advance for your help. >> > > Well, I'm sorry but I really don't see how I could help. > > What you describe seems to correspond either to an expired certificate or to > a bug in the class loader of the Java plug-in (generally random, often > depending the number and size of the .jar files you sign). > > On our side, we have no problem with our own certificate (Pixware SARL) when > using latest Java 1.7 (and probably also using latest Java 1.6; don't > remember). See attached screenshot. > > You can test that by yourself using this page: > > http://www.xmlmind.com/xmleditor/xxe_applet.html > > * Our applet demo is not deployed with all the add-ons found in the stock > XXE V5.4 distribution (no FOP, no Batik, no MathML, etc). > > * Our applet demo is generated using this script: > > --- > deploywebstart -applet xxe -index \ > -storetype pkcs12 \ > -keystore pixware_cert.pfx \ > -storepass YYY -keypass ZZZZ -alias pixware > --- > > The same xxe.jnlp is used for all the applets: viewer, editor1, editor2, > xxe. > -- Fabián Mandelbaum IS Engineer -- XMLmind XML Editor Support List [email protected] http://www.xmlmind.com/mailman/listinfo/xmleditor-support
