Ubuntu
icedtea-web package

icedtea javaws does not load Dell iDrac console

Bug #888003 reported by Luiz Angelo Daros de Luca
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Iced Tea
Fix Released
Medium
icedtea-web (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I installed icedtea-netx and tried to use the console inside iDrac from a Dell server. However, using icedtea with openjdk, the "Warning - Security" dialog, which askes me to run or not the untrusted program, does not respond to mouse or keyboard interaction. I click or tab it and it does not work. It is just like if a "modal window" was locking it, even without other dialog but the java "Downloading..." and the dialog itself.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: icedtea-netx 1.1.3-1ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
Uname: Linux 3.0.0-12-generic x86_64
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Wed Nov 9 09:20:37 2011
ProcEnviron:
 LANGUAGE=pt_BR:
 PATH=(custom, user)
 LANG=pt_BR.UTF-8
 SHELL=/bin/bash
SourcePackage: icedtea-web
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
In , Ray Kohler (ataraxia937) wrote :

Created attachment 564
JNLP that reproduces the problem

When using Java Web Start to launch an app from a web server using an unknown cert, it is impossible to either accept the cert, or to complete the jar downloads.

Both the download window and the cert verification window appear at the same time. The downloads do not start because the certificate hasn't been accepted yet. The certificate window will not accept any mouse of keyboard input - apparently the download window blocks it.

If I download the web cert myself in some other way, and add it to trusted.certs ahead of time, the jar downloads complete as expected and the app starts.

Certificate verification prompts for jar-signer certs do not show this problem, most likely because the download window has already closed.

I haven't been able to reproduce this with Oracle's official javaws, either version 6 or 7.

This problem is 100% reproducible with the console viewer app served by Dell iDRAC 6 cards. Unfortunately, I can't provide you access to such an app - all that I use are behind my employer's firewall.

Instead, I've set up a mock-up that you can use to reproduce and test this on a machine under my control. (Note that you shouldn't expect the app to actually run properly once you do get it to download - it's just a dummy.)

To reproduce this:

1. Download my JNLP file from http://asenath.cc.cmu.edu/viewer.jnlp or just use the one attached to this bug report.
2. Run javaws on that file (without importing the webserver's cert into NetX).
3. You should now see both a download window, and a certificate verification window, both of which are unresponsive.

Revision history for this message
In , Ray Kohler (ataraxia937) wrote :

I just retested this against hg tip and the problem is still present there.

Revision history for this message
In , Ray Kohler (ataraxia937) wrote :

Unfortunately, I can no longer provide the mockup server I set up to reproduce this problem. Nor will I be available to confirm any fix that arrives for this problem.

It should be easily reproduced by requiring NetX to download jars from a webserver with an unknown self-signed cert.

Revision history for this message
In , Dbhole (dbhole) wrote :

Hi Ray.

Sorry, I've should've updated this earlier. I have a fix for this issue. I'll be posting it for review soon.

Revision history for this message
In , Dbhole (dbhole) wrote :

Pushed upstream:

http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/450aa9042b21
http://icedtea.classpath.org/hg/icedtea-web/rev/9f5ea9198a66

Revision history for this message
Luiz Angelo Daros de Luca (luizluca) wrote :
Revision history for this message
Luiz Angelo Daros de Luca (luizluca) wrote :

Hello,

This is still a problem. Access to Dell iDrac is a main requisite for enterprise use of ubuntu.

I found that it is related to this bug:

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=812

Which already have a proposed patch.

Revision history for this message
Luiz Angelo Daros de Luca (luizluca) wrote :

And this:

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=778

Revision history for this message
Luiz Angelo Daros de Luca (luizluca) wrote :

Workarround:

1) download the https certificate using you browser.
2) run: javaws -viewer
3) import the downloaded certificate as a "Trusted Certificate" (not CA)
4) try to load the console

It will still ask for the console certificate (not the http one) but this one will work as expected.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in icedtea-web (Ubuntu):
status: New → Confirmed
Revision history for this message
Matthias Klose (doko) wrote :

this should be fixed in 1.2 in precise (12.04). please recheck

Changed in icedtea-web (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Luiz Angelo Daros de Luca (luizluca) wrote :

I can confirm that the certificate problem is fixed. Thanks,

I still did not get the console up because I tested through an ssh tunnel and dell idrac kvm does not play nice with it (never did).

Revision history for this message
rooijan (rrossouw) wrote :

I apologize if there is a different thread for this but I suspect this bug is back. I get "Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed." connecting to my Dell Drac consoles from Ubuntu 12.10 and icedtea 1.3-1ubuntu1.

My cert was already in the correct spot as per post #4.

Revision history for this message
Bernhard Schrader (78luphr0rnk2nuqimstywepozxn9kl19tqh0tx66b5dki1xxsh5mkz9gl21a5rlwfnr8jn6ln0m3jxne2k9x1ohg85w3jabxlrqbgszpjpwcmvkbcvq9spp6z3w5j1m33k06tlsfszeuscyt241hasoy-launchpad-a811i2i3ytqlsztthjth0svbccw8inm65tmkqp9sarr553jq53in4xm1m8wn3o4rlwaer06ogwvqwv9mrqoku2x334n7di44o65qze67n1wneepmidnuwnde1rqcbpgdf70gtqq2x9thj5tlcsac12ab) wrote :

I now also get this problem again, i was able to workaround in old 10.10 ubuntu, but now i have the same problem like post #8 would be great if anyone could post a statement to this

Bug Watch Updater (bug-watch-updater)
Changed in icedtea:
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
celtic_hackr (quiet-celt) wrote :

I can confirm this bug exists again in Ubuntu 12.04. Go to the Danish Archives, navigate to the digitized Church books, and try to open a book.
http://www.sa.dk/content/dk/ao-forside/find_kirkeboger#

At least it happens with a stock icedtea install:
$dpkg -l |grep tea
ii icedtea-6-jre-cacao 6b27-1.12.6-1ubuntu0.12.04.2 Alternative JVM for OpenJDK, using Cacao
ii icedtea-6-jre-jamvm 6b27-1.12.6-1ubuntu0.12.04.2 Alternative JVM for OpenJDK, using JamVM
ii icedtea-6-plugin 1.2.3-0ubuntu0.12.04.3 web browser plugin based on OpenJDK and IcedTea to execute Java applets
ii icedtea-netx 1.2.3-0ubuntu0.12.04.3 NetX - implementation of the Java Network Launching Protocol (JNLP)
ii icedtea-netx-common 1.2.3-0ubuntu0.12.04.3 NetX - implementation of the Java Network Launching Protocol (JNLP)
ii icedtea-plugin 1.2.3-0ubuntu0.12.04.3 web browser plugin to execute Java applets (dependency package)

This is on a fresh install, with all updates applied, and XFCE and parts of kde added (kwalletmanager and dolphin + depends).

Revision history for this message
Jarbas Peixoto Junior (jarbas-junior) wrote :

Works only with

11:17:30 root@cped227511 ~ # update-alternatives --config java
Existem 2 escolhas para a alternativa java (disponibiliza /usr/bin/java).

  Selecção Caminho Prioridade Estado
------------------------------------------------------------
  0 /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java 1061 modo automático
  1 /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java 1061 modo manual
* 2 /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java 1051 modo manual

Pressione enter para manter a escolha actual[*], ou digite o número da selecção: 1
update-alternatives: a usar /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java para disponibilizar /usr/bin/java (java) em modo manual.

11:17:30 root@cped227511 ~ # update-alternatives --config javaws
Existem 2 escolhas para a alternativa javaws (disponibiliza /usr/bin/javaws).

  Selecção Caminho Prioridade Estado
------------------------------------------------------------
  0 /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/javaws 1061 modo automático
  1 /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/javaws 1061 modo manual
* 2 /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/javaws 1060 modo manual

Pressione enter para manter a escolha actual[*], ou digite o número da selecção: 1
update-alternatives: a usar /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/javaws para disponibilizar /usr/bin/javaws (javaws) em modo manual.
11:17:39 root@cped227511 ~ #

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.