using SSL in applet causes Error/Exception

Bug #710273 reported by Paul Ebermann
This bug affects 1 person
Affects: openjdk-6 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

My last system upgrade (on 2011-01-28) changed (inter alia)
icedtea6-plugin:i386 (6b20-1.9.2-0ubuntu2, 6b20-1.9.4-0ubuntu1)

This new version seems to have some problem in the security
configuration, leading to an AccessControlException in the
SSL-loading code.

For a demonstration, use the applet at http://www.fencing-game.de/en/lobby.html and observe the ~/.icedteaplugin/java.stdout. With the version before (6b20-1.9.2-0ubuntu2), you'll get a green "encrypted connection", with the new version (6b20-1.9.4-0ubuntu1) you'll get some stack trace in the java.stdout and a red "unencrypted connection" (our applet has a fallback to non-ssl because of a similar problem in Apple's Java implementation).

The current sun plugin works without problems (on Ubuntu and also on Windows).

Here is a copy of the first stack trace:

java.lang.ExceptionInInitializerError
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
 at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
 at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
 at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
 at sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
 at sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
 at java.security.Signature.getInstance(Signature.java:209)
 at sun.security.ssl.JsseJce.getSignature(JsseJce.java:214)
 at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:173)
 at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:297)
 at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:162)
 at sun.security.ssl.CipherSuiteList.buildAvailableCache(CipherSuiteList.java:232)
 at sun.security.ssl.CipherSuiteList.getDefault(CipherSuiteList.java:256)
 at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:540)
 at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:378)
 at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90)
 at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
 at de.fencing_game.transport.client.Connection.createSocket(Connection.java:95)
 at de.fencing_game.transport.client.Connection.getTransport(Connection.java:51)
 at de.fencing_game.transport.client.SSService.getServer(SSService.java:35)
 at de.fencing_game.transport.client.SSService.getServer(SSService.java:11)
 at de.fencing_game.gui.applet.AppletBase.initServer(AppletBase.java:360)
 at de.fencing_game.gui.applet.AppletBase$2.run(AppletBase.java:249)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.util)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
 at java.security.AccessController.checkPermission(AccessController.java:553)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
 at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:250)
 at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529)
 at java.lang.ClassLoader$1.run(ClassLoader.java:345)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:343)
 at sun.security.pkcs11.SunPKCS11.<clinit>(SunPKCS11.java:63)
 ... 30 more

When later loading the applet again (in the same VM), it changes to this:

java.lang.NoClassDefFoundError: Could not initialize class sun.security.pkcs11.SunPKCS11
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
 at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
 at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
 at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
 at sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
 at sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
 at java.security.Signature.getInstance(Signature.java:209)
 at sun.security.ssl.JsseJce.getSignature(JsseJce.java:214)
 at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:173)
 at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:297)
 at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:162)
 at sun.security.ssl.CipherSuiteList.buildAvailableCache(CipherSuiteList.java:232)
 at sun.security.ssl.CipherSuiteList.getDefault(CipherSuiteList.java:256)
 at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:540)
 at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:378)
 at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90)
 at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
 at de.fencing_game.transport.client.Connection.createSocket(Connection.java:95)
 at de.fencing_game.transport.client.Connection.getTransport(Connection.java:51)
 at de.fencing_game.transport.client.SSService.getServer(SSService.java:35)
 at de.fencing_game.transport.client.SSService.getServer(SSService.java:11)
 at de.fencing_game.gui.applet.AppletBase.initServer(AppletBase.java:360)
 at de.fencing_game.gui.applet.AppletBase$2.run(AppletBase.java:249)
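
Added example, not part of the original report or of IcedTea: once a class's static initializer has failed, the JVM reports later uses as `NoClassDefFoundError: Could not initialize class ...` without the original cause, which is why the second trace above no longer names the denied permission. This Python sketch scans a `java.stdout`-style log, ties each denied permission to the class whose `<clinit>` triggered it, and counts the later masked repeats; the sample log is constructed by abbreviating the two traces above, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample: the two traces from the report, abbreviated to a few frames each.
SAMPLE_LOG = """\
java.lang.ExceptionInInitializerError
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
 at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.util)
 at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529)
 at sun.security.pkcs11.SunPKCS11.<clinit>(SunPKCS11.java:63)
 ... 30 more
java.lang.NoClassDefFoundError: Could not initialize class sun.security.pkcs11.SunPKCS11
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
 at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
"""

# Matches the message format shown in the report: "access denied (<type> <name>)".
DENIED = re.compile(r"^Caused by: java\.security\.AccessControlException: "
                    r"access denied \((\S+) ([^)]*)\)")
CLINIT = re.compile(r"^\s*at ([\w.$]+)\.<clinit>\(")
NOINIT = re.compile(r"^java\.lang\.NoClassDefFoundError: "
                    r"Could not initialize class ([\w.$]+)")

def triage(log):
    """Map each class that failed to initialize to its root cause and repeat count."""
    findings = {}
    pending = None  # (permission, line number) of a denial awaiting its <clinit> frame
    for n, line in enumerate(log.splitlines(), 1):
        m = DENIED.match(line)
        if m:
            pending = (m.group(1) + " " + m.group(2), n)
            continue
        m = CLINIT.match(line)
        if m and pending:
            entry = findings.setdefault(m.group(1), {"masked_repeats": 0})
            entry["permission"], entry["denied_at_line"] = pending
            pending = None
            continue
        m = NOINIT.match(line)
        if m:
            entry = findings.setdefault(
                m.group(1), {"permission": None, "denied_at_line": None, "masked_repeats": 0})
            entry["masked_repeats"] += 1
        if line and not line[0].isspace():
            pending = None  # a new top-level exception ends the previous cause block
    return findings

if __name__ == "__main__":
    for cls, info in triage(SAMPLE_LOG).items():
        print(cls, info)
```

A class reported with `permission` set to `None` means the log holds only the masked repeat, so the root cause has to be taken from the first load in that VM.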

Paul Ebermann (paul-ebermann) wrote :

It works on another computer with SUSE with the same IcedTea version (IcedTea6 1.9.4 (suse-1.2.1-x86_64)), so it seems to either be Ubuntu specific or specific to the x386 version of IcedTea (which I doubt).

Paul Ebermann (paul-ebermann) wrote :

The problem still occurs on 6b20-1.9.5-0ubuntu1.

Thomas Schyra (arctanh) wrote :

In my case this error still exists: Ubuntu 11.10.

I noticed quite a few errors during system-upgrade, some sun-certs seem not to be copied.

java.lang.NoClassDefFoundError: Could not initialize class sun.security.pkcs11.SunPKCS11
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
 at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
 at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
 at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
 at sun.security.jca.ProviderList.loadAll(ProviderList.java:281)
 at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:298)
 at sun.security.jca.Providers.getFullProviderList(Providers.java:176)
 at java.security.Security.getProviders(Security.java:458)
 at java.security.Security.getProviders(Security.java:607)
 at java.security.Security.getProviders(Security.java:552)
 at org.apache.derby.client.am.EncryptionManager.<init>(Unknown Source)
