-
Bug
-
Resolution: Fixed
-
P4
-
8, 9.0.1, 10
-
b18
-
x86_64
-
linux
-
Not verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8205284 | 11.0.1 | Valerie Peng | P4 | Resolved | Fixed | team |
FULL PRODUCT VERSION :
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
---
current upstream OpenJDK 9 affected too
ADDITIONAL OS VERSION INFORMATION :
Linux dhcp-10-40-4-225.brq.redhat.com 4.13.16-302.fc27.x86_64 #1 SMP Thu Nov 30 15:33:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
The SunNativeProvider.INSTANCE is initialized before the hashmap MECH_MAP, so it is initialized with empy list of supported mechanism. When trying to acceptSecContext, it fails on exception of unsupported mechanism:
GSSException: Provider SunNativeGSS does not support mechanism 1.2.840.113554.1.2.2
at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:253)
at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:209)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:234)
at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:337)
at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:302)
There is trivial fix, which also fixed the problem for me when applied on upstream OpenJDK 9:
diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
@@ -54,7 +54,7 @@
private static final String LIB_PROP = "sun.security.jgss.lib";
private static final String DEBUG_PROP = "sun.security.nativegss.debug";
private static HashMap<String, String> MECH_MAP;
- static final Provider INSTANCE = new SunNativeProvider();
+
static boolean DEBUG;
static void debug(String message) {
if (DEBUG) {
@@ -119,6 +119,8 @@
});
}
+ static final Provider INSTANCE = new SunNativeProvider();
+
public SunNativeProvider() {
/* We are the Sun NativeGSS provider */
super(NAME, PROVIDER_VER, INFO);
REGRESSION. Last worked in version 8u151
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to acceptSecContext when native GSS is used.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
I was not able to find workaround without patching OpenJDK source (patch above)
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
---
current upstream OpenJDK 9 affected too
ADDITIONAL OS VERSION INFORMATION :
Linux dhcp-10-40-4-225.brq.redhat.com 4.13.16-302.fc27.x86_64 #1 SMP Thu Nov 30 15:33:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
The SunNativeProvider.INSTANCE is initialized before the hashmap MECH_MAP, so it is initialized with empy list of supported mechanism. When trying to acceptSecContext, it fails on exception of unsupported mechanism:
GSSException: Provider SunNativeGSS does not support mechanism 1.2.840.113554.1.2.2
at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:253)
at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:209)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:234)
at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:337)
at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:302)
There is trivial fix, which also fixed the problem for me when applied on upstream OpenJDK 9:
diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
@@ -54,7 +54,7 @@
private static final String LIB_PROP = "sun.security.jgss.lib";
private static final String DEBUG_PROP = "sun.security.nativegss.debug";
private static HashMap<String, String> MECH_MAP;
- static final Provider INSTANCE = new SunNativeProvider();
+
static boolean DEBUG;
static void debug(String message) {
if (DEBUG) {
@@ -119,6 +119,8 @@
});
}
+ static final Provider INSTANCE = new SunNativeProvider();
+
public SunNativeProvider() {
/* We are the Sun NativeGSS provider */
super(NAME, PROVIDER_VER, INFO);
REGRESSION. Last worked in version 8u151
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to acceptSecContext when native GSS is used.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
I was not able to find workaround without patching OpenJDK source (patch above)
- backported by
-
JDK-8205284 Invalid SunNativeProvider.INSTANCE initialization
-
- Resolved
-