JDK-6495732: Policy keystore recursion problem loading SunMSCAPI provider

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 6
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None

      Description

      If you include a keystore entry in the policy file that loads a SunMSCAPI
      keystore, for example:

      keystore "NONE", "Windows-ROOT", "SunMSCAPI";

      and you run an application/applet with a SecurityManager enabled, then the keystore
      cannot be loaded due to a recursion problem loading the SunMSCAPI provider. A portion
      of this stack trace is:

        
      ProviderConfig: Recursion loading provider: sun.security.mscapi.SunMSCAPI
      java.lang.Exception: Call trace
              at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:198)
              at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
              at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
              at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
              at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
              at sun.security.jca.GetInstance.getService(GetInstance.java:64)
              at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
              at java.security.Security.getImpl(Security.java:662)
              at java.security.KeyStore.getInstance(KeyStore.java:632)
              at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
              at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
              at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
              at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
              at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
              at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
              at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at java.lang.Class.newInstance0(Class.java:355)
              at java.lang.Class.newInstance(Class.java:308)
              at java.security.Policy.getPolicyNoCheck(Policy.java:163)
              at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
              at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
              at java.security.AccessController.checkPermission(AccessController.java:546)
              at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
              at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
              at java.lang.Runtime.loadLibrary0(Runtime.java:817)
              at java.lang.System.loadLibrary(System.java:1030)
              at sun.security.mscapi.SunMSCAPI$1.run(SunMSCAPI.java:34)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:32)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at java.lang.Class.newInstance0(Class.java:355)
              at java.lang.Class.newInstance(Class.java:308)
              at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
              at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
              at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
              at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
              at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
              at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
              at sun.security.jca.GetInstance.getService(GetInstance.java:64)
              at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
              at java.security.Security.getImpl(Security.java:662)
              at java.security.KeyStore.getInstance(KeyStore.java:632)
              at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
              at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
              at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
              at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
              at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
              at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
              at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at java.lang.Class.newInstance0(Class.java:355)
              at java.lang.Class.newInstance(Class.java:308)
              at java.security.Policy.getPolicyNoCheck(Policy.java:163)
              at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
              at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
              at java.security.AccessController.checkPermission(AccessController.java:546)
              at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
              at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
              at java.security.Provider.check(Provider.java:386)
              at java.security.Provider.put(Provider.java:309)
              at com.sun.crypto.provider.SunJCE$1.run(DashoA13*..)
              at java.security.AccessController.doPrivileged(Native Method)
              at com.sun.crypto.provider.SunJCE.<init>(DashoA13*..)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at java.lang.Class.newInstance0(Class.java:355)
              at java.lang.Class.newInstance(Class.java:308)
              at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
              at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
              at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
              at sun.security.jca.ProviderList.getIndex(ProviderList.java:245)
              at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:229)
              at sun.security.jca.ProviderList.getProvider(ProviderList.java:235)
              at sun.security.jca.GetInstance.getService(GetInstance.java:64)
              at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
              at java.security.Security.getImpl(Security.java:662)
              at java.security.KeyStore.getInstance(KeyStore.java:632)
              at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
              at sun.security.provider.PolicyFile.init(PolicyFile.java:618)
              at sun.security.provider.PolicyFile.access$400(PolicyFile.java:263)
              at sun.security.provider.PolicyFile$3.run(PolicyFile.java:529)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:502)
              at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:488)
              at sun.security.provider.PolicyFile.init(PolicyFile.java:447)
              at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
              at java.lang.Class.newInstance0(Class.java:355)
              at java.lang.Class.newInstance(Class.java:308)
              at java.security.Policy.getPolicyNoCheck(Policy.java:163)
              at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
              at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
              at java.security.AccessController.checkPermission(AccessController.java:546)
              at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      ...

      The problem occurs when the SunMSCAPI provider loads a native library. Loading the library requires a
      permission, which causes the policy to be parsed and the SunMSCAPI provider to be loaded again, and so on.
      Eventually the JCA provider loading code detects the recursion and throws an exception, which is not fatal
      but results in the keystore entry in the policy file being ignored. As a result, any grant entries that
      depend on this keystore entry are not processed correctly.
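
An added triage sketch, not part of the original report or of the JDK: it parses a call trace like the one above and reports which provider load was re-entered and which security checks sat between the nested loads. The function names, the result keys and the reduced `TRACE` excerpt are constructed for this example; treating an innermost `getProvider` frame with no initialiser beneath it as the refused load is a heuristic assumed here.

```python
import re

# Frames excerpted from the trace in this report (innermost first), reflection frames omitted.
TRACE = """\
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:198)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at java.lang.SecurityManager.checkLink(SecurityManager.java:818)
at java.lang.System.loadLibrary(System.java:1030)
at sun.security.mscapi.SunMSCAPI.<clinit>(SunMSCAPI.java:32)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:88)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:305)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
at java.security.Provider.put(Provider.java:309)
at com.sun.crypto.provider.SunJCE.<init>(DashoA13*..)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
"""
FRAME = re.compile(r"at\s+([\w.$]+)\.([\w$<>]+)\(")

def parse(trace):
    """Return (class, method) pairs in trace order, innermost frame first."""
    return [m.groups() for m in map(FRAME.search, trace.splitlines()) if m]

def provider_loads(frames):
    """One [provider, security check, policy keystore requested] per nested load."""
    loads = []
    for cls, meth in reversed(frames):            # walk from the outermost call inward
        if cls.endswith("jca.ProviderConfig") and meth == "getProvider":
            loads.append([None, None, False])     # a provider load begins here
        elif loads:
            cur = loads[-1]
            if meth in ("<init>", "<clinit>") and cur[0] is None:
                cur[0] = cls                      # first initialiser is the provider itself
            elif cls == "java.lang.SecurityManager" and meth != "checkPermission":
                cur[1] = meth                     # check made while the provider initialises
            elif cls.endswith("PolicyUtil") and meth == "getKeyStore":
                cur[2] = True                     # the check re-entered policy keystore loading
    return loads

def diagnose(trace):
    loads = provider_loads(parse(trace))
    started = [l for l in loads if l[0]]
    refused = bool(started) and loads[-1][0] is None   # innermost load never initialised
    return {
        "reentered_provider": started[-1][0] if refused else None,
        "chain": [(l[0].rsplit(".", 1)[-1], l[1]) for l in started],
        "policy_keystore_request_refused": refused and started[-1][2],
    }
```

On the excerpt, `diagnose(TRACE)` names `sun.security.mscapi.SunMSCAPI` as the re-entered provider, matching the `Recursion loading provider` line in the report, and shows that the first policy initialisation was triggered by the `checkSecurityAccess` call made during `SunJCE` construction.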

              People

              Assignee:
              vinnie Vincent Ryan
              Reporter:
              mullan Sean Mullan