- Bug
- Resolution: Won't Fix
- P3
- None
- 6u21
- x86
- windows_xp

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2203087 | 6-pool | Vikram Aroskar | P3 | Closed | Won't Fix | |

FULL PRODUCT VERSION :
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b07)
Java HotSpot(TM) Client VM (build 17.0-b17, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Wersja 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Mozilla JSS tested versions were 4.3 and 4.3.2 - both of them worked fine with Firefox 3.5.3 and both didn't work with FF 3.6
A DESCRIPTION OF THE PROBLEM :
Upgrading from FF 3.5.3 to FF 3.6.x (latest checked - 3.6.8) causes Java plugin to stop loading applets over mutual SSL connection.
The same setup works correctly in FF version 3.5.3.
I've tried with Java Plug-in 1.6.0-13 and with the latest Java Plug-in 1.6.0-21 - no impact (3.5.3 works and 3.6.6 doesn't).
The difference is in the following console output lines:
3.5.3:
security: Accessing keys and certificate in Mozilla user profile:
C:Documents and Settings...MozillaFirefoxProfiles/iuvmye4y.default
security: JSS package is loaded
security: JSS is configured
3.6.6:
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
I've cleaned the FF profile before setting up the 3.6.6 - doesn't help.
The same with Sun/Java cache and profile (I've already experienced this being an issue in previous JSS / FF versions).
There's no additional debug info coming out - even when I use the debug version of the jss4.jar (all 3 debugging options checked in Java Control Panel).
It appears like the jss4.jar is not being loaded at all - at least the method CryptoManager.initialize is not being called (I've prepared a test version with some system outs there - they appear in 3.5.3 but not in 3.6.6).
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Assuming one has a private key & certificate pair in Firefox keystore, which is trusted to the tested site and allows to authenticate there by CLIENT_CERT:
1. Start Firefox and open trusted test site, which requests client certificate for the authentication, containing any Java applet
2. An exception like "Exception: java.lang.ClassFormatError: Incompatible magic value Exception: java.lang.ClassFormatError: Incompatible magic value ..." will occur - as a consequence of the plugin's inability to set up the mutual SSL connection for downloading the applet jar from the server.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The applet jar should be downloaded over mutual SSL which should be established by plugin using the Mozilla browser keystore.
ACTUAL -
The applet jar isn't downloaded because mutual SSL cannot be established due to "security: JSS is not configured"
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java Plug-in 1.6.0_21
Using JRE version 1.6.0_21-b07 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\xxxxx
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws,com.sun.deploy
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws,com.sun.deploy
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value null
security: property package.definition new value com.sun.javaws
security: property package.definition value com.sun.javaws
security: property package.definition new value com.sun.javaws,com.sun.deploy
security: property package.definition value com.sun.javaws,com.sun.deploy
security: property package.definition new value com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@471e30
basic: Plugin2ClassLoader.addURL parent called for https://xxxx.jar
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
network: Connecting https://xxxx.jar with proxy=DIRECT
network: Connecting http://xxxx:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Program Files\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files\Java\jre6\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Documents and Settings\xxxx\Dane aplikacji\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Documents and Settings\xxxx\Dane aplikacji\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
Exception in thread "HandshakeCompletedNotify-Thread" java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextEntry(Unknown Source)
at java.util.HashMap$EntryIterator.next(Unknown Source)
at java.util.HashMap$EntryIterator.next(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl$NotifyHandshakeThread.run(Unknown Source)
network: Connecting https://xxxx.jar with cookie "XXXXXXX"
network: Downloading resource: https://xxxx.jar
Content-Length: 505
Content-Encoding: null
network: Connecting https://xxxx.jar with proxy=DIRECT
network: Connecting https://xxxx.jar with cookie "XXXX"
network: Downloading resource: https://xxxx.jar
Content-Length: 505
Content-Encoding: null
network: Connecting https://xxxx.jar with proxy=DIRECT
network: Connecting https://xxxx.jar with cookie "xxxx"
network: Downloading resource: https://xxxx.jar
Content-Length: 505
Content-Encoding: null
network: Connecting https://xxxx.jar with proxy=DIRECT
network: Connecting https://xxxx.jar with cookie "XXXX"
network: Downloading resource: https://xxxx.jar
Content-Length: 505
Content-Encoding: null
network: Connecting https://xxxx.class with proxy=DIRECT
network: Connecting https://xxxx.class with cookie "XXXX"
basic: error: Incompatible magic value 1008813135 in class file xxxx.
java.lang.ClassFormatError: Incompatible magic value 1008813135 in class file xxxx
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(Unknown Source)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.ClassFormatError: Incompatible magic value 1008813135 in class file xxxx
Ignored exception: java.lang.ClassFormatError: Incompatible magic value 1008813135 in class file xxxx
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
A switch to Microsoft IE - which works with no problem in this case.
The production deployment includes using smartcards, so distributing user keys in plugin keystores makes no sense.
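
A triage sketch for the console trace in the report above, added here as an example and not part of the original report or of the Java Plug-in. It decodes the "Incompatible magic value" into the four bytes the class loader actually read (1008813135 is 0x3C21444F, ASCII `<!DO`, the start of a markup document rather than the 0xCAFEBABE class magic) and pairs that with the JSS keystore lines. The function names, the sample trace and the final heuristic are assumptions of this example.

```python
import re
import struct

# Constructed sample: a few lines copied in shape from the console trace above.
SAMPLE_TRACE = """\
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
network: Downloading resource: https://xxxx.jar
Content-Length: 505
basic: error: Incompatible magic value 1008813135 in class file xxxx.
"""

PROFILE_RE = re.compile(r"^security: Accessing keys and certificate in Mozilla user profile:\s*(.*)$")
MAGIC_RE = re.compile(r"Incompatible magic value (-?\d+) in class file")
LENGTH_RE = re.compile(r"^Content-Length:\s*(\d+)$")


def decode_magic(value):
    """Bytes the class loader read as the 4-byte big-endian magic.
    Java prints the value as a signed int, so mask to 32 bits first."""
    return struct.pack(">I", value & 0xFFFFFFFF)


def classify_magic(raw):
    """Guess what kind of payload started with these four bytes."""
    if raw == b"\xca\xfe\xba\xbe":
        return "class"
    if raw == b"PK\x03\x04":
        return "zip/jar"
    if raw.lstrip()[:1] == b"<":
        return "markup"
    return "text" if all(32 <= b < 127 for b in raw) else "binary"


def triage(trace):
    """Collect keystore state and decoded magic values from a plug-in trace."""
    out = {"profile": None, "jss_configured": None, "magics": [], "lengths": set()}
    for line in trace.splitlines():
        line = line.strip()
        if m := PROFILE_RE.match(line):
            out["profile"] = None if m.group(1) in ("", "null") else m.group(1)
        elif line == "security: JSS is configured":
            out["jss_configured"] = True
        elif line == "security: JSS is not configured":
            out["jss_configured"] = False
        elif m := MAGIC_RE.search(line):
            raw = decode_magic(int(m.group(1)))
            out["magics"].append((raw, classify_magic(raw)))
        elif m := LENGTH_RE.match(line):
            out["lengths"].add(int(m.group(1)))
    # Heuristic (an assumption of this example): no browser keystore plus a
    # markup payload where bytecode was expected means the server answered the
    # unauthenticated request with a document, not the applet.
    out["keystore_failure_likely"] = (out["jss_configured"] is False and
        any(kind == "markup" for _, kind in out["magics"]))
    return out
```
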

- backported by
  - JDK-2203087 Firefox+JSS,loading applets over mutual SSL stopped working since the FF v.3.6 (Closed)
- relates to
  - JDK-8032654 Firefox displays Security Warning - The certificate is not valid and cannot be used to verify the identity of this website. (Closed)