-
Bug
-
Resolution: Fixed
-
P4
-
8, 9
-
b36
-
x86_64
-
windows_7
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8193519 | 9-pool | Unassigned | P4 | Closed | Won't Fix | |
| JDK-8252527 | openjdk8u272 | Weijun Wang | P4 | Resolved | Fixed | b06 |
| JDK-8193520 | 8-pool | Sean Coffey | P4 | In Progress | Unresolved |
FULL PRODUCT VERSION :
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.3.9600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
NSS functions correctly, and can query the smartcard for its four certificates. NSS version 3.20.1
nss.properties file referenced in java.security:
name = "NSS"
nssLibraryDirectory = "c:\\ci-root\\pkcs11\\bin"
nssSecmodDirectory = "c:\\ci-root\\pkcs11\\nssdb"
A DESCRIPTION OF THE PROBLEM :
When Mozilla NSS uses sqlite3 formatted databases the database names are different. Please see https://blogs.oracle.com/meena/entry/what_s_new_in_nss1
key3.db -> key4.db
cert8.db -> cert9.db
secmod.db -> pkcs11.txt
The JVM has a requirement for a file named secmod.db which does not exist when NSS uses sqlite.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
c:\ci-root\pkcs11\bin\modutil -create -dbdir sql:c:\ci-root\pkcs11\nssdb
c:\ci-root\pkcs11\bin\modutil -add "SmartCard" -nocertdb -force -libfile "acpkcs211.dll" -dbdir sql:c:\ci-root\pkcs11\nssdb
keytool -keystore NONE -storetype PKCS11 -providername SunPKCS11-NSS -list -v
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would not expect to receive this error.
ACTUAL -
See error message below regarding secmod.db not being found by sun.security.pkcs11.Secmod.initialize
ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool -keystore NONE -storetype PKCS11 -providername SunPKCS11-NSS -list -v
keytool error: java.security.ProviderException: Could not initialize NSS
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:212)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
at sun.security.jca.GetInstance.getService(GetInstance.java:81)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:896)
at sun.security.tools.keytool.Main.doCommands(Main.java:768)
at sun.security.tools.keytool.Main.run(Main.java:340)
at sun.security.tools.keytool.Main.main(Main.java:333)
Caused by: java.io.FileNotFoundException: c:\ci-root\pkcs11\nssdb\secmod.db
at sun.security.pkcs11.Secmod.initialize(Secmod.java:205)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:207)
... 21 more
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.3.9600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
NSS functions correctly, and can query the smartcard for its four certificates. NSS version 3.20.1
nss.properties file referenced in java.security:
name = "NSS"
nssLibraryDirectory = "c:\\ci-root\\pkcs11\\bin"
nssSecmodDirectory = "c:\\ci-root\\pkcs11\\nssdb"
A DESCRIPTION OF THE PROBLEM :
When Mozilla NSS uses sqlite3 formatted databases the database names are different. Please see https://blogs.oracle.com/meena/entry/what_s_new_in_nss1
key3.db -> key4.db
cert8.db -> cert9.db
secmod.db -> pkcs11.txt
The JVM has a requirement for a file named secmod.db which does not exist when NSS uses sqlite.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
c:\ci-root\pkcs11\bin\modutil -create -dbdir sql:c:\ci-root\pkcs11\nssdb
c:\ci-root\pkcs11\bin\modutil -add "SmartCard" -nocertdb -force -libfile "acpkcs211.dll" -dbdir sql:c:\ci-root\pkcs11\nssdb
keytool -keystore NONE -storetype PKCS11 -providername SunPKCS11-NSS -list -v
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would not expect to receive this error.
ACTUAL -
See error message below regarding secmod.db not being found by sun.security.pkcs11.Secmod.initialize
ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool -keystore NONE -storetype PKCS11 -providername SunPKCS11-NSS -list -v
keytool error: java.security.ProviderException: Could not initialize NSS
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:212)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
at sun.security.jca.GetInstance.getService(GetInstance.java:81)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:896)
at sun.security.tools.keytool.Main.doCommands(Main.java:768)
at sun.security.tools.keytool.Main.run(Main.java:340)
at sun.security.tools.keytool.Main.main(Main.java:333)
Caused by: java.io.FileNotFoundException: c:\ci-root\pkcs11\nssdb\secmod.db
at sun.security.pkcs11.Secmod.initialize(Secmod.java:205)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:207)
... 21 more
REPRODUCIBILITY :
This bug can be reproduced always.
- backported by
-
JDK-8193520 PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
-
- In Progress
-
-
-
- Resolved
-
-
-
- Closed
-
- relates to
-
-
- Resolved
-
-
-
- Closed
-