-
Bug
-
Resolution: Fixed
-
P3
-
6
-
b140
-
x86
-
windows_xp
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2209223 | 6u27 | Sean Coffey | P3 | Closed | Fixed | b01 |
| JDK-2209885 | 6u26-rev | Sean Coffey | P3 | Resolved | Fixed | b21 |
| JDK-2208022 | 6u25-rev | Sean Coffey | P3 | Resolved | Fixed | b21 |
FULL PRODUCT VERSION :
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) Client VM (build 17.1-b03, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
PKCS11 driver has limit for session count.
A DESCRIPTION OF THE PROBLEM :
After refactoring done in 1.6.0_21 in sun.security.pkcs11.SessionManager it is not possible to initialize SunPKCS11 provider more times than PKCS11 driver maxSessionCount limit. When initializing (maxLimitCount + 1) instance exception is thrown.
In 1.6.0_20 or earlier this works fine.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create in loop more than maxSessionCount (this is specific for PKCS11 driver). In maxSessionCounty + 1 loop exception is thrown.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
no exception is thrown
ACTUAL -
Exception in thread "main" java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:90)
at pl.unizeto.procertum.pkcs11.SunPkcs11BugTest.main(SunPkcs11BugTest.java:29)
Caused by: java.security.ProviderException: Could not obtain session
at sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:134)
at sun.security.pkcs11.Token.<init>(Token.java:118)
at sun.security.pkcs11.SunPKCS11.initToken(SunPKCS11.java:780)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:331)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
// Maximum session count supported by pkcs11 driver.
// If you don't know what is the limit for your driver set it to 1000
// or higher value.
// If driver has no limit for session count this test works fine.
int driverMaxSessions = 32;
StringBuilder pkcs11Cfg = new StringBuilder();
pkcs11Cfg.append("name = PKCS11\n");
pkcs11Cfg.append("library = crypto3PKCS.dll");
for(int i=0; i < driverMaxSessions + 1; i++) {
InputStream config = new ByteArrayInputStream(pkcs11Cfg.toString().getBytes());
// fails with "java.security.ProviderException: Could not obtain session"
// when in (driverMaxSession + 1) loop on JRE 6u20 or later
SunPKCS11 provider = new sun.security.pkcs11.SunPKCS11(config);
provider.logout();
}
---------- END SOURCE ----------
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) Client VM (build 17.1-b03, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
PKCS11 driver has limit for session count.
A DESCRIPTION OF THE PROBLEM :
After refactoring done in 1.6.0_21 in sun.security.pkcs11.SessionManager it is not possible to initialize SunPKCS11 provider more times than PKCS11 driver maxSessionCount limit. When initializing (maxLimitCount + 1) instance exception is thrown.
In 1.6.0_20 or earlier this works fine.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create in loop more than maxSessionCount (this is specific for PKCS11 driver). In maxSessionCounty + 1 loop exception is thrown.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
no exception is thrown
ACTUAL -
Exception in thread "main" java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:90)
at pl.unizeto.procertum.pkcs11.SunPkcs11BugTest.main(SunPkcs11BugTest.java:29)
Caused by: java.security.ProviderException: Could not obtain session
at sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:134)
at sun.security.pkcs11.Token.<init>(Token.java:118)
at sun.security.pkcs11.SunPKCS11.initToken(SunPKCS11.java:780)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:331)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
// Maximum session count supported by pkcs11 driver.
// If you don't know what is the limit for your driver set it to 1000
// or higher value.
// If driver has no limit for session count this test works fine.
int driverMaxSessions = 32;
StringBuilder pkcs11Cfg = new StringBuilder();
pkcs11Cfg.append("name = PKCS11\n");
pkcs11Cfg.append("library = crypto3PKCS.dll");
for(int i=0; i < driverMaxSessions + 1; i++) {
InputStream config = new ByteArrayInputStream(pkcs11Cfg.toString().getBytes());
// fails with "java.security.ProviderException: Could not obtain session"
// when in (driverMaxSession + 1) loop on JRE 6u20 or later
SunPKCS11 provider = new sun.security.pkcs11.SunPKCS11(config);
provider.logout();
}
---------- END SOURCE ----------
- backported by
-
JDK-2208022 Can't initialize SunPKCS11 more times than PKCS11 driver maxSessionCount
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-