Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7001094

Can't initialize SunPKCS11 more times than PKCS11 driver maxSessionCount

    Details

    • Subcomponent:
    • Resolved In Build:
      b140
    • CPU:
      x86
    • OS:
      windows_xp
    • Verification:
      Not verified

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.6.0_22"
        Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
        Java HotSpot(TM) Client VM (build 17.1-b03, mixed mode, sharing)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows XP [Version 5.1.2600]

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        PKCS11 driver has limit for session count.

        A DESCRIPTION OF THE PROBLEM :
        After refactoring done in 1.6.0_21 in sun.security.pkcs11.SessionManager it is not possible to initialize SunPKCS11 provider more times than PKCS11 driver maxSessionCount limit. When initializing (maxLimitCount + 1) instance exception is thrown.

        In 1.6.0_20 or earlier this works fine.

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Create in loop more than maxSessionCount (this is specific for PKCS11 driver). In maxSessionCounty + 1 loop exception is thrown.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        no exception is thrown
        ACTUAL -

        Exception in thread "main" java.security.ProviderException: Initialization failed
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:90)
        at pl.unizeto.procertum.pkcs11.SunPkcs11BugTest.main(SunPkcs11BugTest.java:29)
        Caused by: java.security.ProviderException: Could not obtain session
        at sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:134)
        at sun.security.pkcs11.Token.<init>(Token.java:118)
        at sun.security.pkcs11.SunPKCS11.initToken(SunPKCS11.java:780)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:331)

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
                // Maximum session count supported by pkcs11 driver.
                // If you don't know what is the limit for your driver set it to 1000
                // or higher value.
                // If driver has no limit for session count this test works fine.
                int driverMaxSessions = 32;
                
                StringBuilder pkcs11Cfg = new StringBuilder();
                pkcs11Cfg.append("name = PKCS11\n");
                pkcs11Cfg.append("library = crypto3PKCS.dll");
                
                for(int i=0; i < driverMaxSessions + 1; i++) {
                
                    InputStream config = new ByteArrayInputStream(pkcs11Cfg.toString().getBytes());
                    
                    // fails with "java.security.ProviderException: Could not obtain session"
                    // when in (driverMaxSession + 1) loop on JRE 6u20 or later
                    SunPKCS11 provider = new sun.security.pkcs11.SunPKCS11(config);
                    provider.logout();
                }
        ---------- END SOURCE ----------

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  valeriep Valerie Peng
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: