×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Permissions on Postx Jar for CRES

Unanswered Question
Nov 17th, 2013
User Badges:

Hi,


When I try to read an incoming secure message (CRES Registered Envelope) using a browser, I get the following error regarding missing permissions on a Postx jar:


msg1.jpg


If I continue to run, I get the following second message. I cannot decrypted the message locally on my desktop.


msg2.jpg

I installed Java and the CRES toolkit (can't remember the exact name) some time ago as I was prompted to do so on my first attempt to read a registered envelope.


Any idea how to recover from this? Is there a newer version of the toolkit for CRES/PostX that may solve this problem?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David Miller Mon, 11/18/2013 - 00:42
User Badges:

The first prompt is to download the Java applet that is used to decrypt messages that contain attachments, assuming you are trying to open the envelope locally.  I assume you said "run" to that message.  The Java applet needs a supported Java Virtual Machine (JVM) to run in in the browser you are using to open the envelope.  The second message is implying that you don't have a JVM or not one that is enabled.  Is Java enabled in your browser?  Do you notice in your Windows notification bar if Java has been invoked?  Can you turn on Java console (Windows control panel) to see if Java is being invoked and not encountering an error?


Next question is how you are opening the envelope.  Are you opening the html attachment in a browser?  (Which browser?)  Can you try clicking on the open online link at the bottom right hand corner of the envelope.  This avoids using the Java applet altogether and is a useful workaround.  If you can open the message that way it will help us pin down the error you are getting.


Finally you mention a CRES toolkit.   Are you referring to the Java applet or a previous version of that?  The fact you are being prompted to download something suggests you are getting the latest version.

johnsmith1000 Mon, 11/18/2013 - 19:22
User Badges:

Hi David,


Thanks for your response. Here are some more detail:


I saved the attachment on disk and then tried opening it with couple of browsers (Firefox and Chrome), all with same result. I'd rather not use the Online option as that is against our policy (i.e. sending the encrypted envelop to Cisco for decryption). But I turned on full debug/trace and a complete report is attached. In a nutshell:


- The following jar seems to be causing the problem:


http://applet.postx.com/dist/EnvelopeTools51.jar


- Per trace messages, the Jar is built for Java 1.6.0.31 which I don;t have on my system. I'm running

1.7.0_45. The warnings indicate missing permission manifest attribute and potential problems with newer versions of Java


Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384829604624

Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384829604624

Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384829604624


- And finllay, a NullPointerExceptopn occurs at:


com.postx.client.Tools.genBaseDir(Tools.java:2075)


I wonder why others don't see the same issue? Is it just the matter of folks upgrading to the newer Java environments to get the same error or somthing in my environment is can cause the exception?


I tried lowering the security level for applets from Java console to Medium (from High), I got an additional prompt asking me if I would run the applet with an older Java environment on my system (1.6.0.45), but it didn't help. Had the same result.


Any help is appreciated.


John


PS - oops! just noticed I cannot attach a file on reply. So I append the trace file below


=-=-=-=-=-=-=-=-=


=-=-=-=-=-=-=-=-=


Java Plug-in 10.45.2.18

Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM

User home directory = C:\Users\john


----------------------------------------------------


c:   clear console window

f:   finalize objects on finalization queue


g:   garbage collect


h:   display this help message


l:   dump classloader list


m:   print memory usage


o:   trigger logging


q:   hide console


r:   reload policy configuration


s:   dump system and deployment properties


t:   dump thread list


v:   dump thread stack


x:   clear classloader cache


0-5: set trace level to


----------------------------------------------------


cache: Initialize resource manager: [email protected]


basic: Added progress listener: [email protected]


basic: Plugin2ClassLoader.addURL parent called for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


security: Blacklist revocation check is enabled


security: blacklist: Reconstruct cache


security: blacklist: created: NEED_CREATE, lastModified: 1384828211442


security: blacklist: hasBeenModifiedSince 1384827946764 (we have 1384828211442)


cache: Trying to update in place C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-4ce570b3.idx


cache: Upgrade writing to disk for C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-4ce570b3


security: blacklist: check contains 3037+iVeU8fGjcXsuZLW/Iv5Ey0=, state now NEED_CREATE


security: blacklist: check raw C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\blacklist.dynamic, false


security: blacklist: check raw C:\Program Files (x86)\Java\jre7\lib\security\blacklist, false


security: blacklist: check raw C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\blacklist, false


security: blacklist: save cache to C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache


security: Trusted libraries list check is enabled


security: Trusted libraries list file not found


cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false}


cache: Upgrade of entry done


cache: readIndexFile returning success


network: Remove cache entry: http://applet.postx.com/dist/EnvelopeTools51.jar?1384827885778


network: Cache entry not found [url: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677, version: null]


network: Connecting http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 with proxy=DIRECT


network: Connecting http://applet.postx.com:80/ with proxy=DIRECT


network: CleanupThread used 49324 us


network: CleanupThread used 2 us


network: Downloading resource: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


               Content-Length: 162,928


               Content-Encoding: null


network: Wrote URL http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 to File C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-331fcc0a-temp


security: blacklist: check contains 3037+iVeU8fGjcXsuZLW/Iv5Ey0=, state now IN_MEMORY


security: blacklist: not  found in cache


security: Trusted libraries list file not found


cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false}


network: CleanupThread used 1 us


cache: Adding MemoryCache entry: http://applet.postx.com/dist/EnvelopeTools51.jar


security: blacklist: hasBeenModifiedSince 1384828213748 (we have 1384828211442)


network: Cache entry found [url: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677, version: null] prevalidated=false/0


cache: Adding MemoryCache entry: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


cache:  Read manifest for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677: read=89 full=2225


cache: Loading full manifest for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677cache: Reading Signers from 5516 http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 | C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-331fcc0a.idx


cache: Done readSigners(http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677)


security: Trust for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 has ended: Wed Dec 31 19:00:00 EST 1969


security: Accessing keys and certificate in Mozilla user profile: null


Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


security: Loading Deployment certificates from C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs


security: Loaded Deployment certificates from C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs


security: Loading certificates from Deployment session certificate store


security: Loaded certificates from Deployment session certificate store


security: Loading certificates from Deployment session certificate store


security: Loaded certificates from Deployment session certificate store


security: Loading certificates from Deployment session certificate store


security: Loaded certificates from Deployment session certificate store


security: Validate the certificate chain using CertPath API


security: Loading blacklisted.certs file: C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs


security: SHA-256Certificate finger print: 24A257718B2EDA924A30EC15806F46E277735B6F53C551EA2DEC224D154FD171


security: SHA-256Certificate finger print: AF840CA2B9DFB776BF81AA94C401BC440C52E5C590C43607A13D6680D83E3349


security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51


security: SHA-256Certificate finger print: 3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9


security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts


security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts


security: Obtain certificate collection in Root CA certificate store


security: Obtain certificate collection in Root CA certificate store


security: Obtain certificate collection in Root CA certificate store


security: Obtain certificate collection in Root CA certificate store


security: The OCSP support is enabled


security: The CRL support is enabled


security: Failing over to CRLs: Certificate does not specify OCSP responder


network: Cache entry found [url: http://crl.thawte.com/ThawtePremiumServerCA.crl, version: null] prevalidated=false/0


cache: Adding MemoryCache entry: http://crl.thawte.com/ThawtePremiumServerCA.crl


cache: Resource http://crl.thawte.com/ThawtePremiumServerCA.crl has expired.


network: Connecting http://crl.thawte.com/ThawtePremiumServerCA.crl with proxy=DIRECT


network: Connecting http://crl.thawte.com:80/ with proxy=DIRECT


network: ResponseCode for http://crl.thawte.com/ThawtePremiumServerCA.crl : 304


network: Encoding for http://crl.thawte.com/ThawtePremiumServerCA.crl : null


network: Disconnect connection to http://crl.thawte.com/ThawtePremiumServerCA.crl


network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT


network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT


security: OCSP Response: GOOD


network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT


network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT


security: OCSP Response: GOOD


security: Certificate validation succeeded using OCSP/CRL


basic: Dialog type is not candidate for embedding


security: User has granted the privileges to the code for this session only


security: Saving certificates in Deployment session certificate store


security: Saved certificates in Deployment session certificate store


security: Grant socket perm for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 : [email protected] (


("java.net.SocketPermission" "applet.postx.com" "connect,accept,resolve")


)




security: Trust for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 has ended: Wed Dec 31 19:00:00 EST 1969


Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


security: Validate the certificate chain using CertPath API


basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms


security: SHA-256Certificate finger print: 24A257718B2EDA924A30EC15806F46E277735B6F53C551EA2DEC224D154FD171


security: SHA-256Certificate finger print: AF840CA2B9DFB776BF81AA94C401BC440C52E5C590C43607A13D6680D83E3349


security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51


security: SHA-256Certificate finger print: 3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9


Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677


security: Validate the certificate chain using CertPath API


security: SSV validation:


    running: 1.7.0_45


    requested: 1.6.0.31


    range: null


    javaVersionParam: null


    Rule Set version: null


network: Created version ID: 1.7.0.45


network: Created version ID: 1.6.0.31


security: Ask user to use: 1.6.0.31


network: Created version ID: 1.7.0.45+


network: Created version ID: 1.6.0.31


network: Created version ID: 1.6.0.31


network: Created version ID: 1.6.0.65


network: Created version ID: 1.7.0.45


network: Created version ID: 1.7


network: Created version ID: 2.2.45


basic: Applet loaded.


basic: Applet resized and added to parent container


basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 175756 us, pluginInit dt 10604238 us, TotalTime: 10779994 us


2013-11-18 21:30:21.676: Ident: $Id: EnvelopeTools.java,v 1.17 2011/04/05 21:18:39 blm Exp $


2013-11-18 21:30:21.677: build: 57


2013-11-18 21:30:21.677: build time: Wed Apr 06 02:37:22 EDT 2011


2013-11-18 21:30:21.710: Raw document.URL: file:///C:/Users/john/Downloads/securedoc_20131110T081336.html


2013-11-18 21:30:21.714: documentBase: null


2013-11-18 21:30:21.714: documentURL: file:///C:/Users/john/Downloads/securedoc_20131110T081336.html


2013-11-18 21:30:21.714: documentCharset: UTF-8


2013-11-18 21:30:21.714: codeBase: http://applet.postx.com/dist/


2013-11-18 21:30:21.714: appletName: EnvelopeTools51


2013-11-18 21:30:21.714: Ident: $Id: Tools.java,v 1.4 2011/04/06 02:49:34 blm Exp $


2013-11-18 21:30:21.714: Java: Oracle Corporation 1.7.0_45


2013-11-18 21:30:21.714: OS: Windows 8 6.2


2013-11-18 21:30:21.714: userAgent: mozilla/5.0 (windows nt 6.2; wow64; rv:25.0) gecko/20100101 firefox/25.0


2013-11-18 21:30:21.714: sunJava: true


2013-11-18 21:30:21.714: inIE: false


2013-11-18 21:30:21.714: OSMacOSX: false


2013-11-18 21:30:21.714: OSVista: true


2013-11-18 21:30:21.714: haveMSSecurity: false


2013-11-18 21:30:21.714: Free memory: 7904920


2013-11-18 21:30:21.715: Total memory: 16252928


java.lang.NullPointerException


               at com.postx.client.Tools.genBaseDir(Tools.java:2075)


network: Created version ID: 1.7.0.45


network: Created version ID: 1.7.0.45


               at com.postx.client.Tools.run(Tools.java:394)


               at com.postx.client.EnvelopeTools.init(EnvelopeTools.java:73)


               at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)


               at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)


               at java.lang.Thread.run(Unknown Source)


Ignored exception: java.lang.NullPointerException


network: Created version ID: 1.7.0.45


network: Created version ID: 1.7.0.45


basic: Dialog type is not candidate for embedding


basic: Removed progress listener: [email protected]


security: Reset deny session certificate store








David Miller Tue, 11/19/2013 - 00:49
User Badges:

Hi John,

I am getting the same kind of NPE error.  Snippet from Java trace:


java.lang.NullPointerException

at com.postx.client.Tools.genBaseDir(Tools.java:2075)

at com.postx.client.Tools.run(Tools.java:394)

at com.postx.client.EnvelopeTools.init(EnvelopeTools.java:73)

at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

preloader: Delivering: ErrorEvent[url=http://applet.postx.com/dist/ label=null cause=null

basic: Removed progress listener:

[email protected]

preloader: Preloader shutdown after ErrorEvent

preloader: Stop progressCheck thread

ui: Show default error panel

security: Reset deny session certificate store


This is using Windows 8.1, IE 11, Java 1.7.0_045

This is not an officially supported environment, see http://www.cisco.com/en/US/docs/security/iea/Compatibility_Matrix/IEA_Compatibility_Matrix.pdf


I also tried with Firefox 25.0.1 same result, the only difference is with IE it reverts automatically to online opener when the Java applet fails.


I will try with Windows 7 (supported environment)


I suggest you open a case with Cisco.

brmatthe Tue, 11/19/2013 - 10:45
User Badges:

Both of these are known issues, introduced by recent Oracle Java updates. The first is an enhancement to Java security for certain classes of applets. Because the Cisco applet is signed by a valid certificate, the enhancement doesn't actually increase the security of the Cisco applet (if it's tampered with, the signature won't verify), but it does result in the warning, and presumably someday Oracle won't allow the applet to run at all. For now it's safe to ignore that warning for Cisco applets (other applets from other providers may or may not be safe, you'll need to contact the providers of those applets).


The second issue is due to a couple of bugs in recent (1.7.0_40 and 1.7.0_45) versions of the JVM. Unfortunately the only workaround is to open the envelopes online (either by using the Open Online link if present, clicking Ok if prompted to open online, or by forwarding the message to [email protected]). This issue is being actively worked, and I'd expect a new applet that fixes both the NullPointerException issue and removes the missing permissions warning "shortly".


If you open a case, feel free to reference bug CSCuj26423.

johnsmith1000 Sun, 11/24/2013 - 18:49
User Badges:

Thanks Brian. We'll follow up with the case you mentioned.


John

johnsmith1000 Sun, 11/24/2013 - 18:51
User Badges:

BTW, I have noticed that the applet (and thus this bug) only show up if the secure message has an attachment. Otherwise, the message is decrypted successfully and no applet is loaded.


Could someone derscribe the logic for when applet is loaded and executes? When there is no applet involved, is the message decrypted via scripts?


John

David Miller Mon, 11/25/2013 - 00:38
User Badges:

You are correct, when there is no attachment in the original email then the message is decrypted using the JavaScript logic contained in the envelope HTML.  If for some reason the JavaScript cannot be executed, for example if the browser setting does not allow it, or the recipient's gateway has removed or "defanged" the JavaScript, then online opening is used.  With online opening the encrypted message contents are posted back to the key server (res.cisco.com) and the server decrypts the message.  There are other scenarios but these are the main ones.  In summary the Java applet is loaded if the original email contains an attachment and online opening is not selected.  Hope this helps.

David Miller Mon, 12/09/2013 - 00:53
User Badges:

I see that a new version of the Java applet (now build 61 was 57) is available but at least from my limited testing it does not seem to have fixed the problem.  I have tried with Win 7 64 bit and Win 8.1 with IE 11 and Firefox 25.

With IE 11 the envelope opens but you get this:

Seems like it ws not decrypted or some other decoding error.  There is nothing in the Java log to suggest a problem (snippet) except it says at some point inIE: false when it should say true presumably.


2013-12-09 08:33:17.109: Ident: $Id: EnvelopeTools.java,v 1.21 2013/10/28 00:19:45 blm Exp $

2013-12-09 08:33:17.109: build: 61

2013-12-09 08:33:17.109: build time: Sun Nov 10 23:08:03 GMT 2013

2013-12-09 08:33:17.156: Raw document.url:

file:///F:/Users/Dave/Desktop/securedoc_20131119T002214.html


2013-12-09 08:33:17.172: documentBase not set, using documentURL

2013-12-09 08:33:17.172: documentBase: file:/F:/Users/Dave/Desktop/securedoc_20131119T002214.html

2013-12-09 08:33:17.172: documentURL:

file:///F:/Users/Dave/Desktop/securedoc_20131119T002214.html


2013-12-09 08:33:17.172: documentCharset: utf-8

2013-12-09 08:33:17.172: codeBase:

http://applet.postx.com/dist/


2013-12-09 08:33:17.172: appletName: EnvelopeTools51

2013-12-09 08:33:17.172: Ident: $Id: Tools.java,v 1.9 2013/11/10 22:58:12 blm Exp $

2013-12-09 08:33:17.172: Java: Oracle Corporation 1.7.0_45

2013-12-09 08:33:17.172: OS: Windows 8 6.2

2013-12-09 08:33:17.172: userAgent: mozilla/5.0 (windows nt 6.3; wow64; trident/7.0; .net4.0e; .net4.0c; .net clr 3.5.30729; .net clr 2.0.50727; .net clr 3.0.30729; rv:11.0) like gecko

2013-12-09 08:33:17.172: inIE: false

2013-12-09 08:33:17.172: OSMacOSX: false

2013-12-09 08:33:17.172: OSVista: true

2013-12-09 08:33:17.172: Free memory: 9103960

2013-12-09 08:33:17.172: Total memory: 16252928

2013-12-09 08:33:18.140: Envelope open took 0.781s

netscape.javascript.JSException: baseURI and docbase host DO NOT match: res.cisco.com

at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)

at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)

at sun.plugin2.main.client.MessagePassingJSObject.eval(Unknown Source)

at com.postx.client.Tools.callJavaScript(Tools.java:690)

at com.postx.client.Tools.updateProgress(Tools.java:804)

at com.postx.client.Tools.processPayload(Tools.java:958)

at com.postx.client.Tools.run(Tools.java:459)

at com.postx.client.EnvelopeTools.init(EnvelopeTools.java:73)

at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

preloader: Delivering: ErrorEvent[url=http://applet.postx.com/dist/ label=baseURI and docbase host DO NOT match: res.cisco.com  cause=baseURI and docbase host DO NOT match: res.cisco.com

basic: Removed progress listener:

[email protected]


preloader: Preloader shutdown after ErrorEvent

preloader: Stop progressCheck thread

ui: Show default error panel

2013-12-09 08:33:17.109: Ident: $Id: EnvelopeTools.java,v 1.21 2013/10/28 00:19:45 blm Exp $

2013-12-09 08:33:17.109: build: 61

2013-12-09 08:33:17.109: build time: Sun Nov 10 23:08:03 GMT 2013

2013-12-09 08:33:17.156: Raw document.url: file:///F:/Users/Dave/Desktop/securedoc_20131119T002214.html
2013-12-09 08:33:17.172: documentBase not set, using documentURL

2013-12-09 08:33:17.172: documentBase: file:/F:/Users/Dave/Desktop/securedoc_20131119T002214.html

2013-12-09 08:33:17.172: documentURL:

file:///F:/Users/Dave/Desktop/securedoc_20131119T002214.html

2013-12-09 08:33:17.172: documentCharset: utf-8

2013-12-09 08:33:17.172: codeBase: http://applet.postx.com/dist/

2013-12-09 08:33:17.172: appletName: EnvelopeTools51

2013-12-09 08:33:17.172: Ident: $Id: Tools.java,v 1.9 2013/11/10 22:58:12 blm Exp $

2013-12-09 08:33:17.172: Java: Oracle Corporation 1.7.0_45

2013-12-09 08:33:17.172: OS: Windows 8 6.2

2013-12-09 08:33:17.172: userAgent: mozilla/5.0 (windows nt 6.3; wow64; trident/7.0; .net4.0e; .net4.0c; .net clr 3.5.30729; .net clr 2.0.50727; .net clr 3.0.30729; rv:11.0) like gecko

2013-12-09 08:33:17.172: inIE: false

2013-12-09 08:33:17.172: OSMacOSX: false

2013-12-09 08:33:17.172: OSVista: true

2013-12-09 08:33:17.172: Free memory: 9103960

2013-12-09 08:33:17.172: Total memory: 16252928

2013-12-09 08:33:18.140: Envelope open took 0.781s


If you use online opener it opens correctly like this.

With Firefox the applet stops with a Java error:


netscape.javascript.JSException: baseURI and docbase host DO NOT match: res.cisco.com
at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
at sun.plugin2.main.client.MessagePassingJSObject.eval(Unknown Source)
at com.postx.client.Tools.callJavaScript(Tools.java:690)
at com.postx.client.Tools.updateProgress(Tools.java:804)
at com.postx.client.Tools.processPayload(Tools.java:958)
at com.postx.client.Tools.run(Tools.java:459)
at com.postx.client.EnvelopeTools.init(EnvelopeTools.java:73)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
preloader: Delivering: ErrorEvent[url=http://applet.postx.com/dist/ label=baseURI and docbase host DO NOT match: res.cisco.com  cause=baseURI and docbase host DO NOT match: res.cisco.com
basic: Removed progress listener: [email protected]
preloader: Preloader shutdown after ErrorEvent
preloader: Stop progressCheck thread
ui: Show default error panel

brmatthe Mon, 12/09/2013 - 08:47
User Badges:

The new applet fixes the problems originally reported in this thread. The garbled text in IE11 is new (as in just recently seen, I don't think it's related to the new applet), and is being investigated.

David Miller Mon, 12/09/2013 - 08:58
User Badges:

Thanks Brian.  What about the Firefox error noted above? 

netscape.javascript.JSException: baseURI and docbase host DO NOT match: res.cisco.com


BTW I have cleared the Java cache as per other post.

brmatthe Mon, 12/09/2013 - 09:03
User Badges:

The Firefox error is a known issue and there will probably be a hotpatch for it. Unfortunately it requires an envelope change, so a hotpatch won't fix existing envelopes.

johnsmith1000 Sun, 12/29/2013 - 18:09
User Badges:

Hi all,


Just checking in case there is any update on this case.


Similar to last message from Dave, I continue getting the error, even after clearing the cache. Is this still the latest status?


I get the following applet info in the log:


Ident: $Id: EnvelopeTools.java,v 1.21 2013/10/28 00:19:45 blm Exp $


Thanks and have a great holiday.

johnsmith1000 Mon, 01/13/2014 - 21:24
User Badges:

Dear Cisco Support,


Any update? I'm surprised that more customers are not blocked by this bug and are not vocing concerns here!


Thanks.

johnsmith1000 Mon, 01/20/2014 - 22:07
User Badges:

With the latest applet (now dated 2013/11/10) and running Java 1.7.0_51, I still get the exception:


baseURI and docbase host DO NOT match: res.cisco.com


Some details from the log:


2014-01-21 00:38:36.510: Ident: $Id: Tools.java,v 1.9 2013/11/10 22:58:12 blm Exp $


netscape.javascript.JSException: baseURI and docbase host DO NOT match: res.cisco.com

               at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)

               at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)

               at sun.plugin2.main.client.MessagePassingJSObject.eval(Unknown Source)

               at com.postx.client.Tools.callJavaScript(Tools.java:690)

               at com.postx.client.Tools.updateProgress(Tools.java:804)

               at com.postx.client.Tools.processPayload(Tools.java:958)

               at com.postx.client.Tools.run(Tools.java:459)

               at com.postx.client.EnvelopeTools.init(EnvelopeTools.java:73)

               at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)

               at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

               at java.lang.Thread.run(Unknown Source)


Any progress on fixing this issue?


Thanks.

brmatthe Tue, 01/21/2014 - 10:47
User Badges:

Yes, as reported above, fixing this requires an envelope change, so there's a longer process to roll out fixes, and existing envelopes will continue to have the problem, so you'll have to use open online for those.

brmatthe Tue, 01/21/2014 - 11:03
User Badges:

The garbled text is because the applet is sending big-endian data with a big-endian BOM and a charset of "UTF-16", which is all proper and should be fine (and works in all other browsers), but IE 11 is treating the data as little-endian, swapping every other byte. Sigh.

harrymailg Mon, 01/27/2014 - 12:07
User Badges:

Hello Brian


We have some customers that are facing the "garbled text" problem with the big-endian data in IE 11. Are you perhaps in a position to provide any feedback since the post on 09 December 2013 stating that the problem is being investigated?

brmatthe Fri, 02/07/2014 - 15:03
User Badges:

I know it's being worked on (I've seen code  changes flow by), but I don't know when it will be done and deployed.  The bug it's being worked on under is CSCul88098.

johnsmith1000 Sat, 02/08/2014 - 05:36
User Badges:

Dear Brian,


Great to hear the IE11 is being worked on and the pointer you supplied for the bug case. But please keep in mind that the applet runs into different problems in other versions of IE. I assume in addition to the latest version, you intend to support at least the one prior to the latest?


FYI, I have tested IE 8 thru 10, in addition to IE11. On IE 8 thru 10, a different exception occuers:


ExitException[ 3]java.lang.SecurityException: Bad applet class name

               at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)

               at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

               at java.lang.Thread.run(Unknown Source)


The error is poped up only if you have turned on debugging in your Java Console, otherwise you don;t see it. BUT the tricky part of problems with pre-IE 11 versions is that following the exception, the applet quietly changes the default of the decyrption to online mode and the "OPEN" button changes to "OPEN Online". An unsuspected user who has not turned on the exception reporting (I suspect the majority), may as usually click the return and not recognizing that their sensitive document is sent to an online service for decryption.


Is there a fix underway for pre-IE 11 and other browsers (which their problems have been discussed earlier in this thread)? If so, could you please provide a pointer for those bugs as well?


The console log showing the exception for IE 10 is attached below.

Regards.




=-=-=-=-=




Java Plug-in 10.51.2.13

Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM

User home directory = C:\Users\jsmith

----------------------------------------------------

c:   clear console window

f:   finalize objects on finalization queue

g:   garbage collect

h:   display this help message

l:   dump classloader list

m:   print memory usage

o:   trigger logging

q:   hide console

r:   reload policy configuration

s:   dump system and deployment properties

t:   dump thread list

v:   dump thread stack

x:   clear classloader cache

0-5: set trace level to

----------------------------------------------------

basic: Added progress listener: [email protected]

basic: exception: Bad applet class name.

ExitException[ 3]java.lang.SecurityException: Bad applet class name

               at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)

               at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

               at java.lang.Thread.run(Unknown Source)

Ignored exception: ExitException[ 3]java.lang.SecurityException: Bad applet class name

basic: Dialog type is not candidate for embedding

basic: Removed progress listener: [email protected]

security: Reset deny session certificate store

brmatthe Wed, 02/12/2014 - 13:32
User Badges:

The "bad applet class name" bug is CSCul90399. However, that's not what's causing Open Online to be used instead of Open, that's due to Java not being enabled by default any more and the process used to prompt the user to enable it not being compatible with how applets are used by envelopes, and is covered by bug CSCum00414.

johnsmith1000 Thu, 02/13/2014 - 06:34
User Badges:

Brian,


Thanks again for the explanation. Looks like Java compatibility (or lack thereof) is raising havoc...!!


Regards.

Actions

This Discussion