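Java Applet "ClassNotFoundException" on Firefox 52.4.1 - works on IE

Time: 2019-04-12 09:21:04

Tags: java ssl firefox applet pkcs#11

We need to run an old web application that uses a Java 8 applet (sic) on Firefox 52.4.1 (the last version compatible with Java applets) and on Internet Explorer 11.

The applet is based on Java 8 and is served by an Apache Tomcat server. It is signed and obfuscated (Proguard).

Users connect to the website with SSL mutual authentication using a smart card (the client needs a PKCS11 module to get the certificate from the smart card). SSL mutual authentication can also be done through the Java applet.

All certificates are signed by an authority that has been added to the certificate stores of each browser, Windows and Java.

Here is the HTML code: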

<object classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' id='AsapiObject'>
    <param name='archive' value='../../../applet/myapplet.jar'/>
    <param name='code' value='main.package.Main'/>
    <param name='name' value='My Applet'/>
    <param name='mayscript' value='true'/>
    <comment>
        <applet id='AsapiApplet'
                name='My Applet'
                archive='../../../applet/myapplet.jar'
                code='main.package.Main'
                MAYSCRIPT="MAYSCRIPT">
        </applet>
    </comment>
</object>

(following the recommendations at https://docs.oracle.com/javase/8/docs/technotes/guides/jweb/applet/using_tags.html#applet)

It works fine on IE 11 but not on Mozilla Firefox 52.4.1. The JRE is the same for both.

On Mozilla Firefox 52.4.1, I get a Java exception:

java.lang.ClassNotFoundException: main.package.Main
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:748)

Before this exception occurs, I get a handshake failure exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
    at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
    at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:205)
    at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:71)
    at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:109)
    at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
    at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:748)

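I think Firefox fails to correctly import the client certificate from the smart card.

Edit: there are two other interesting lines in the Java console:

security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured

By increasing the debug level (-Djavax.net.debug=all), I see this: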

  • Internet Explorer:

    *** ServerHelloDone
    
    [read] MD5 and SHA1 hashes:  len = 4
    0000: 0E 00 00 00                                        ....
    ssl: KeyMgr: getting aliases: [XXXXXXX (verified: OK), YYYYYYYYYYYYYY]
    ssl: Ignoring alias XXXXXXX (1): key algorithm does not match
    ssl: Ignoring alias XXXXXXX: key algorithm does not match
    ssl: Ignoring alias XXXXXXX (2): key algorithm does not match
    ssl: KeyMgr: no matching alias found
    ssl: Ignoring alias XXXXXXX (1): key algorithm does not match
    ssl: Ignoring alias XXXXXXX: key algorithm does not match
    ssl: Ignoring alias XXXXXXX (2): key algorithm does not match
    ssl: KeyMgr: no matching alias found
    *** Certificate chain
    chain [0] = [
    ...
    
  • Mozilla Firefox:

    *** ServerHelloDone
    [read] MD5 and SHA1 hashes:  len = 4
    0000: 0E 00 00 00                                        ....
    Warning: no suitable certificate found - continuing without client authentication
    *** Certificate chain
    <Empty>
    ***
    

I have tried/checked a lot of things:

  • Checked that the IAS_PKCS11 module is correctly installed in Firefox:

Firefox PKCS11 module

I really need help.

Any ideas? (I cannot switch the applet to something else - I don't have that choice)
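
The comparison of the two `-Djavax.net.debug=all` traces in the question can be automated when triaging many client logs. The following is an added example, not part of the original post: `client_auth_outcome` and its result keys are hypothetical names, and the two sample traces are excerpts of the lines quoted in the question.

```python
import re

# Excerpts of the -Djavax.net.debug=all output quoted in the question.
IE_TRACE = """\
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
ssl: KeyMgr: getting aliases: [XXXXXXX (verified: OK), YYYYYYYYYYYYYY]
ssl: Ignoring alias XXXXXXX (1): key algorithm does not match
ssl: Ignoring alias XXXXXXX: key algorithm does not match
ssl: KeyMgr: no matching alias found
*** Certificate chain
chain [0] = [
"""

FIREFOX_TRACE = """\
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
"""

ALIAS_RE = re.compile(r"ssl: Ignoring alias (.+?): (.+)$")


def client_auth_outcome(trace):
    """Summarise the client's reply to the first ServerHelloDone in a trace."""
    out = {"keymgr_consulted": False, "ignored_aliases": [],
           "no_cert_warning": False, "client_chain": "not seen"}
    after_done = expect_chain = False
    for line in (raw.strip() for raw in trace.splitlines()):
        if line.startswith("*** ServerHelloDone"):
            after_done = True
        elif not after_done or not line:
            continue  # the server's own chain is printed before ServerHelloDone
        elif expect_chain:
            out["client_chain"] = "empty" if line == "<Empty>" else "sent"
            break  # only the first handshake is examined
        elif line.startswith("*** Certificate chain"):
            expect_chain = True
        elif line.startswith("ssl: KeyMgr: getting aliases"):
            out["keymgr_consulted"] = True
        elif line.startswith("Warning: no suitable certificate found"):
            out["no_cert_warning"] = True
        elif (m := ALIAS_RE.match(line)) and m.groups() not in out["ignored_aliases"]:
            out["ignored_aliases"].append(m.groups())
    return out
```

On the Firefox excerpt the key manager line never appears and the client chain is empty, which is the difference the question points out by eye.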

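1 Answer:

Answer 0: (score: 0)

The problem appears to be with your web server that serves https.

A random Google search throws up the Mozilla Security Blog. In the version of Firefox being used (52), SHA-1 is disabled by default. MD5 is a poorer hash algorithm than SHA-1.

So presumably you should at least update the web server. If you are desperate to keep using software that should be binned, I guess you might still be able to use a configuration option in Firefox, or use version 51, but I really wouldn't recommend it.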