Signed code runs using WebStart in 1.4 but not 1.5
I have a signed application that runs flawlessly under WebStart in 1.4 JDKs/JREs (on WinXP/2K, Linux and MacOS X) that refuses to run under WebStart in 1.5 JDKs (on both Windows and Linux; haven't tried on MacOS).
My code is packaged as an application, not an applet, but I haven't been able to find any info on what the problem might be, and I'm wondering if anyone has seen a similar problem with signed applets.
The error occurs when the certificate is validated (this is from 1.5.0_03):
java.security.cert.CeritificateException: Check leaf key usage failed in
certificate
at
com.sun.deploy.security.CertUtils.checkUsageForCodeSigning(CertUtils.java:102)
...
I've tried 1.5.0 (Windows & Linux) and 1.5.0_03 (Linux), with the same error each time. I know of several others who have also been unable to run my application under 1.5.0; I don't know of anyone who has been able to run it under 1.5.0.
I'm using a code-signing certificate bought from Thawte. I've tried using jarsigner from both 1.4 and 1.5, but get the same results each time. From the exception, it seems likely that 1.5.0 doesn't believe that the certificate used to sign the code can be used for code-signing, but I don't know why it would come to this conclusion.
I've successfully run this app using WebStart under 1.4.2_01, 1.4.2_03 and 1.4.2_06, on Linux and WinXP/2K (ie these JDKs all successfully validate the certificate used to sign the app and prompt the user as expected), plus various Apple 1.4 JVMs.
Google hasn't been of any assistance, so any help would be greatly appreciated.
Cheers,
Damian
