Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8309667

TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry

XMLWordPrintable

    • b18
    • Verified

        Many HTTPClient tests are occasionally failing with the following stack trace:
        javax.net.ssl.SSLHandshakeException: No available authentication scheme
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:967)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:956)
        at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1245)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1181)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:839)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
        at jdk.httpclient.test.lib.http2.Http2TestServerConnection.handshake(Http2TestServerConnection.java:317)
        at jdk.httpclient.test.lib.http2.Http2TestServerConnection.<init>(Http2TestServerConnection.java:165)
        at jdk.httpclient.test.lib.http2.Http2TestServer.createConnection(Http2TestServer.java:389)
        at jdk.httpclient.test.lib.http2.Http2TestServer$AcceptedConnection.startConnection(Http2TestServer.java:306)

        The failing tests include:
        java/net/httpclient/ManyRequests.java
        java/net/httpclient/ManyRequests2.java
        java/net/httpclient/LargeResponseTest.java

        Additional logging revealed that the handshake failures were caused by this exception:

        java.util.ConcurrentModificationException
        at java.base/java.util.HashMap$HashIterator.nextNode(HashMap.java:1605)
        at java.base/java.util.HashMap$KeyIterator.next(HashMap.java:1628)
        at java.base/java.util.AbstractCollection.addAll(AbstractCollection.java:337)
        at java.base/java.util.HashSet.<init>(HashSet.java:121)
        at java.base/java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:569)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetEntry(PKCS12KeyStore.java:1338)
        at java.base/sun.security.util.KeyStoreDelegator.engineGetEntry(KeyStoreDelegator.java:174)
        at java.base/java.security.KeyStore.getEntry(KeyStore.java:1576)
        at java.base/sun.security.ssl.X509KeyManagerImpl.getEntry(X509KeyManagerImpl.java:271)
        at java.base/sun.security.ssl.X509KeyManagerImpl.getPrivateKey(X509KeyManagerImpl.java:117)
        at java.base/sun.security.ssl.X509Authentication.createServerPossession(X509Authentication.java:300)
        at java.base/sun.security.ssl.X509Authentication.createPossession(X509Authentication.java:195)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.choosePossession(CertificateMessage.java:1056)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:965)

        which in turn is caused by PKCS12KeyStore.getAttributes updating the same HashSet over and over again in multiple threads.

              weijun Weijun Wang
              dfuchs Daniel Fuchs
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: