-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
6
-
None
-
sparc
-
solaris_10
If you include a keystore entry in the policy file that loads a SunMSCAPI
keystore, ex:
keystore "NONE", "Windows-ROOT", "SunMSCAPI";
and you run an application/applet with a SecurityManager enabled, then the keystore
cannot be loaded due to a recursion problem loading the SunMSCAPI provider. A portion
of this stack trace is:
ProviderConfig: Recursion loading provider: sun.security.mscapi.SunMSCAPI
java.lang.Exception: Call trace
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:198)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
at sun.security.jca.GetInstance.getService(GetInstance.java:64)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.KeyStore.getInstance(KeyStore.java:632)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:163)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
at java.lang.Runtime.loadLibrary0(Runtime.java:817)
at java.lang.System.loadLibrary(System.java:1030)
at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:34)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:32)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
at sun.security.jca.GetInstance.getService(GetInstance.java:64)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.KeyStore.getInstance(KeyStore.java:632)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:163)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
at java.security.Provider.check(Provider.java:386)
at java.security.Provider.put(Provider.java:309)
at com.sun.crypto.provider.SunJCE$1.run(DashoA13*..)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.crypto.provider.SunJCE.<init>(DashoA13*..)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
at sun.security.jca.GetInstance.getService(GetInstance.java:64)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.KeyStore.getInstance(KeyStore.java:632)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:163)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
...
The problem is caused when the SunMSCAPI provider loads a native library, which requires a permission,
which then causes the policy to be parsed and the SunMSCAPI provider to be loaded again, etc. Eventually
the JCA provider loading code detects the recursion and throws an exception which is not fatal but results in
the keystore entry in the policy file being ignored. This causes any grant entries that depend on this
keystore entry to not be processed correctly.
keystore, ex:
keystore "NONE", "Windows-ROOT", "SunMSCAPI";
and you run an application/applet with a SecurityManager enabled, then the keystore
cannot be loaded due to a recursion problem loading the SunMSCAPI provider. A portion
of this stack trace is:
ProviderConfig: Recursion loading provider: sun.security.mscapi.SunMSCAPI
java.lang.Exception: Call trace
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:198)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
at sun.security.jca.GetInstance.getService(GetInstance.java:64)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.KeyStore.getInstance(KeyStore.java:632)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:163)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
at java.lang.Runtime.loadLibrary0(Runtime.java:817)
at java.lang.System.loadLibrary(System.java:1030)
at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:34)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:32)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
at sun.security.jca.GetInstance.getService(GetInstance.java:64)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.KeyStore.getInstance(KeyStore.java:632)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:163)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
at java.security.Provider.check(Provider.java:386)
at java.security.Provider.put(Provider.java:309)
at com.sun.crypto.provider.SunJCE$1.run(DashoA13*..)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.crypto.provider.SunJCE.<init>(DashoA13*..)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
at sun.security.jca.GetInstance.getService(GetInstance.java:64)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.KeyStore.getInstance(KeyStore.java:632)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:163)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
...
The problem is caused when the SunMSCAPI provider loads a native library, which requires a permission,
which then causes the policy to be parsed and the SunMSCAPI provider to be loaded again, etc. Eventually
the JCA provider loading code detects the recursion and throws an exception which is not fatal but results in
the keystore entry in the policy file being ignored. This causes any grant entries that depend on this
keystore entry to not be processed correctly.
- duplicates
-
-
- Closed
-
- relates to
-
JDK-6474018 grant signed by fails if certificate is being stored in browser keystore
-
- Closed
-