JDK-8309667

TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry


    • b18
    • Verified

      Many HTTPClient tests are occasionally failing with the following stack trace:
      javax.net.ssl.SSLHandshakeException: No available authentication scheme
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:967)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:956)
      at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437)
      at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1245)
      at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1181)
      at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:839)
      at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800)
      at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
      at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
      at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
      at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
      at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
      at jdk.httpclient.test.lib.http2.Http2TestServerConnection.handshake(Http2TestServerConnection.java:317)
      at jdk.httpclient.test.lib.http2.Http2TestServerConnection.<init>(Http2TestServerConnection.java:165)
      at jdk.httpclient.test.lib.http2.Http2TestServer.createConnection(Http2TestServer.java:389)
      at jdk.httpclient.test.lib.http2.Http2TestServer$AcceptedConnection.startConnection(Http2TestServer.java:306)

      The failing tests include:
      java/net/httpclient/ManyRequests.java
      java/net/httpclient/ManyRequests2.java
      java/net/httpclient/LargeResponseTest.java

      Additional logging revealed that the handshake failures were caused by this exception:

      java.util.ConcurrentModificationException
      at java.base/java.util.HashMap$HashIterator.nextNode(HashMap.java:1605)
      at java.base/java.util.HashMap$KeyIterator.next(HashMap.java:1628)
      at java.base/java.util.AbstractCollection.addAll(AbstractCollection.java:337)
      at java.base/java.util.HashSet.<init>(HashSet.java:121)
      at java.base/java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:569)
      at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetEntry(PKCS12KeyStore.java:1338)
      at java.base/sun.security.util.KeyStoreDelegator.engineGetEntry(KeyStoreDelegator.java:174)
      at java.base/java.security.KeyStore.getEntry(KeyStore.java:1576)
      at java.base/sun.security.ssl.X509KeyManagerImpl.getEntry(X509KeyManagerImpl.java:271)
      at java.base/sun.security.ssl.X509KeyManagerImpl.getPrivateKey(X509KeyManagerImpl.java:117)
      at java.base/sun.security.ssl.X509Authentication.createServerPossession(X509Authentication.java:300)
      at java.base/sun.security.ssl.X509Authentication.createPossession(X509Authentication.java:195)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.choosePossession(CertificateMessage.java:1056)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:965)

      which in turn is caused by PKCS12KeyStore.getAttributes updating the same HashSet over and over again in multiple threads.

            weijun Weijun Wang
            dfuchs Daniel Fuchs
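
The race described in the report, reduced to a standalone program. This is an added example, not code from the JDK or from the fix for this issue; the `RacyStore`, `SafeStore` and `Store` names are hypothetical, and the sketch only models the reported pattern of one `HashSet` being refilled by several threads while another thread copies it with `new HashSet<>(...)`, as the `HashSet.<init>` frame in the second trace does.

```java
import java.util.*;
import java.util.concurrent.*;

public class SharedAttributeSetRace {
    interface Store { Set<String> getAttributes(); }

    // Racy pattern (hypothetical model): every caller refills one shared HashSet.
    static class RacyStore implements Store {
        private final Set<String> attributes = new HashSet<>();
        public Set<String> getAttributes() {
            attributes.clear();
            for (int i = 0; i < 16; i++) attributes.add("attr-" + i);
            return attributes;
        }
    }

    // Corrected pattern: build a set local to the call, hand out a read-only view.
    static class SafeStore implements Store {
        public Set<String> getAttributes() {
            Set<String> local = new HashSet<>();
            for (int i = 0; i < 16; i++) local.add("attr-" + i);
            return Collections.unmodifiableSet(local);
        }
    }

    // Runs 8 threads that each copy the returned set, like the HashSet.<init> frame in the trace.
    static int failedThreads(Store store) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int t = 0; t < 8; t++) {
            results.add(pool.submit(() -> {
                try {
                    for (int i = 0; i < 20_000; i++) new HashSet<>(store.getAttributes());
                    return false;
                } catch (RuntimeException e) {   // usually ConcurrentModificationException
                    return true;
                }
            }));
        }
        int failed = 0;
        for (Future<Boolean> f : results) if (f.get()) failed++;
        pool.shutdown();
        return failed;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("shared set, failed threads:   " + failedThreads(new RacyStore()));
        System.out.println("per-call set, failed threads: " + failedThreads(new SafeStore()));
    }
}
```

The shared-set count varies from run to run because the failure depends on thread timing, which matches the intermittent test failures in the report; the per-call variant shares no mutable state between threads.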