United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6741349 Regression: NullPointerException in com.sun.javaws.security.SigningInfo.verifyAllEntriesSign
JDK-6741349 : Regression: NullPointerException in com.sun.javaws.security.SigningInfo.verifyAllEntriesSign

Details
Type:
Bug
Submit Date:
2008-08-26
Status:
Closed
Updated Date:
2011-02-16
Project Name:
JDK
Resolved Date:
2009-01-30
Component:
deploy
OS:
windows_xp
Sub-Component:
webstart
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
6,6u10
Fixed Versions:
6u12 (b01)

Related Reports
Duplicate:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
Java Web Start 1.6.0_06
Verwendung der JRE-Version 1.6.0_05 Java HotSpot(TM) Client VM

ADDITIONAL OS VERSION INFORMATION :
>ver

Microsoft Windows XP [Version 5.1.2600]

EXTRA RELEVANT SYSTEM CONFIGURATION :
contents of jnlp-File:

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://www.le32.de:4050">
<information>
  <title>FirstSpirit Client (www.le32.de)</title>
  <vendor>e-Spirit AG</vendor>
  <homepage href="http://firstspirit.de"/>
  <description>FirstSpirit Client (www.le32.de)</description>
  <icon href="../img/FSicon.gif"/>
</information>
<security>
  <all-permissions/>
</security>
<application-desc main-class="de.espirit.firstspirit.client.CMSExplorer"/>
<icon kind="splash" href="../img/logo.jpg"/>
<resources>
  <j2se version="1.5+" max-heap-size="512m"/>
  <jar href="fs-client.jar"/>
  <property name="compression" value="0"/>
  <property name="encryption" value="0"/>
  <property name="host" value="www.le32.de"/>
  <property name="locale" value="de"/>
  <property name="login" value="client"/>
  <property name="login.ticket" value="zx9lbs3rsqy9"/>
  <property name="login.type" value="MAIN"/>
  <property name="maximize" value="false"/>
  <property name="mode" value="HTTP"/>
  <property name="port" value="4050"/>
  <property name="servletZone" value="/"/>
  <property name="sun.java2d.noddraw" value="true"/>
  <property name="url" value="http://www.le32.de:4050"/>
</resources>
</jnlp>

A DESCRIPTION OF THE PROBLEM :
After updating from java 1.6u3 to java 1.6u6 starting of our webstart application fails from time to time with a NullPointerException:

java.lang.NullPointerException
at com.sun.javaws.security.SigningInfo.verifyAllEntriesSigned(Unknown Source)
at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

The jar is signed and pack200

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Starting a webstart application with one large signed jar with java 1.6u6


ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
at com.sun.javaws.security.SigningInfo.verifyAllEntriesSigned(Unknown Source)
at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

webstart error log:

#### Java Web Start Error:
#### null

REPRODUCIBILITY :
This bug can be reproduced occasionally.

CUSTOMER SUBMITTED WORKAROUND :
Use java 1.6u3 or 1.5

Release Regression From : 6u3
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

                                    

Comments
EVALUATION

when debuging this instance, I see exception at line 130 of SigningInfo.java.
This is slightly differant from reports, in method verifyALlSignedEntriesPresent().
This is because ce.getManifest() is returning null.  The jar clearly has a manifest, but ce.getManifest() returns null, even though printing out the ce right after shows ce.getManifest returns non-null immeadiately after.
possibly caused by big fix to 6595845, which trys to lazily load create only weak references to manifests in 6u6
                                     
2008-08-31
SUGGESTED FIX

http://web-east.east/www/webrevs/ah22606/1.6.0_11/6741349/deploy/
                                     
2008-09-05
SUGGESTED FIX

updated for 6u12 to include all 5 soft referenced manifest objects:
http://web-east.east/www/webrevs/andy/1.6.0_12/6741349/
                                     
2008-10-20
EVALUATION

Webrev:  http://web-east.east/www/webrevs/ah22606/1.6.0_12/6741349/deploy/
testcase:  http://web-east.east/www/tests/1.6.0_12/6741349/
Reviewers: thomas.v.ng, ethan.nicholas
Risk: Low
                                     
2008-10-28



Hardware and Software, Engineered to Work Together