openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #05237
[Bug 710273] [NEW] using SSL in applet causes Error/Exception
Public bug reported:
My last system upgrade (on 2011-01-28) changed (inter alia)
icedtea6-plugin:i386 (6b20-1.9.2-0ubuntu2, 6b20-1.9.4-0ubuntu1)
This new version seems to have some problem in the security
configuration, leading to a AccessControlException in the
SSL-loading code.
For a demonstration, use the applet at http://www.fencing-
game.de/en/lobby.html and observe the ~/.icedteaplugin/java.stdout. With
the version before (6b20-1.9.2-0ubuntu2), you'll get a green "encrypted
connection", with the new version (6b20-1.9.4-0ubuntu1) you'll get some
stack trace in the java.stdout and a red "unencrypted connection" (our
applet has a fallback to non-ssl because of a similar problem in Apple's
Java implementation).
The current sun plugin works without problems (on Ubuntu and also on
Windows).
Here a copy of the first stack trace:
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
at sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
at sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
at java.security.Signature.getInstance(Signature.java:209)
at sun.security.ssl.JsseJce.getSignature(JsseJce.java:214)
at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:173)
at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:297)
at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:162)
at sun.security.ssl.CipherSuiteList.buildAvailableCache(CipherSuiteList.java:232)
at sun.security.ssl.CipherSuiteList.getDefault(CipherSuiteList.java:256)
at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:540)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:378)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90)
at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
at de.fencing_game.transport.client.Connection.createSocket(Connection.java:95)
at de.fencing_game.transport.client.Connection.getTransport(Connection.java:51)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:35)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:11)
at de.fencing_game.gui.applet.AppletBase.initServer(AppletBase.java:360)
at de.fencing_game.gui.applet.AppletBase$2.run(AppletBase.java:249)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.util)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:250)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529)
at java.lang.ClassLoader$1.run(ClassLoader.java:345)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:343)
at sun.security.pkcs11.SunPKCS11.<clinit>(SunPKCS11.java:63)
... 30 more
When later loading the applet again (in the same VM), it changes to
this:
java.lang.NoClassDefFoundError: Could not initialize class sun.security.pkcs11.SunPKCS11
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
at sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
at sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
at java.security.Signature.getInstance(Signature.java:209)
at sun.security.ssl.JsseJce.getSignature(JsseJce.java:214)
at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:173)
at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:297)
at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:162)
at sun.security.ssl.CipherSuiteList.buildAvailableCache(CipherSuiteList.java:232)
at sun.security.ssl.CipherSuiteList.getDefault(CipherSuiteList.java:256)
at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:540)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:378)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90)
at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
at de.fencing_game.transport.client.Connection.createSocket(Connection.java:95)
at de.fencing_game.transport.client.Connection.getTransport(Connection.java:51)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:35)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:11)
at de.fencing_game.gui.applet.AppletBase.initServer(AppletBase.java:360)
at de.fencing_game.gui.applet.AppletBase$2.run(AppletBase.java:249)
** Affects: openjdk-6 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/710273
Title:
using SSL in applet causes Error/Exception
Status in “openjdk-6” package in Ubuntu:
New
Bug description:
My last system upgrade (on 2011-01-28) changed (inter alia)
icedtea6-plugin:i386 (6b20-1.9.2-0ubuntu2, 6b20-1.9.4-0ubuntu1)
This new version seems to have some problem in the security
configuration, leading to a AccessControlException in the
SSL-loading code.
For a demonstration, use the applet at http://www.fencing-
game.de/en/lobby.html and observe the ~/.icedteaplugin/java.stdout.
With the version before (6b20-1.9.2-0ubuntu2), you'll get a green
"encrypted connection", with the new version (6b20-1.9.4-0ubuntu1)
you'll get some stack trace in the java.stdout and a red "unencrypted
connection" (our applet has a fallback to non-ssl because of a similar
problem in Apple's Java implementation).
The current sun plugin works without problems (on Ubuntu and also on
Windows).
Here a copy of the first stack trace:
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
at sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
at sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
at java.security.Signature.getInstance(Signature.java:209)
at sun.security.ssl.JsseJce.getSignature(JsseJce.java:214)
at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:173)
at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:297)
at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:162)
at sun.security.ssl.CipherSuiteList.buildAvailableCache(CipherSuiteList.java:232)
at sun.security.ssl.CipherSuiteList.getDefault(CipherSuiteList.java:256)
at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:540)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:378)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90)
at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
at de.fencing_game.transport.client.Connection.createSocket(Connection.java:95)
at de.fencing_game.transport.client.Connection.getTransport(Connection.java:51)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:35)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:11)
at de.fencing_game.gui.applet.AppletBase.initServer(AppletBase.java:360)
at de.fencing_game.gui.applet.AppletBase$2.run(AppletBase.java:249)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.util)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:250)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529)
at java.lang.ClassLoader$1.run(ClassLoader.java:345)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:343)
at sun.security.pkcs11.SunPKCS11.<clinit>(SunPKCS11.java:63)
... 30 more
When later loading the applet again (in the same VM), it changes to
this:
java.lang.NoClassDefFoundError: Could not initialize class sun.security.pkcs11.SunPKCS11
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
at sun.security.jca.ProviderList$ServiceList.tryGet(ProviderList.java:433)
at sun.security.jca.ProviderList$ServiceList.access$200(ProviderList.java:375)
at sun.security.jca.ProviderList$ServiceList$1.hasNext(ProviderList.java:485)
at java.security.Signature.getInstance(Signature.java:209)
at sun.security.ssl.JsseJce.getSignature(JsseJce.java:214)
at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:173)
at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:297)
at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:162)
at sun.security.ssl.CipherSuiteList.buildAvailableCache(CipherSuiteList.java:232)
at sun.security.ssl.CipherSuiteList.getDefault(CipherSuiteList.java:256)
at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:540)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:378)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:90)
at de.fencing_game.ssl.SSLHelper.openSocket(SSLHelper.java:33)
at de.fencing_game.transport.client.Connection.createSocket(Connection.java:95)
at de.fencing_game.transport.client.Connection.getTransport(Connection.java:51)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:35)
at de.fencing_game.transport.client.SSService.getServer(SSService.java:11)
at de.fencing_game.gui.applet.AppletBase.initServer(AppletBase.java:360)
at de.fencing_game.gui.applet.AppletBase$2.run(AppletBase.java:249)
Follow ups
References