FULL PRODUCT VERSION : java version "1.6.0" Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing) ADDITIONAL OS VERSION INFORMATION : Microsoft Windows XP [version 5.1.2600] A DESCRIPTION OF THE PROBLEM : After first installation of WebStart application Test.java class SecureRandom seems to work incorrectly ie. random.setSeed(seed) does not seed it properly. It seems to produce random numbers and not pseudorandom numbers deterministically. When application is started again SecureRandom works as expected. Test.java started from the command prompt also works as expected. Our applications use SecureRandom to generate application licenses so this bug prevents our applications from starting properly. Also our decryption and encryption modules which use SecureRandom seem to fail when application is run for the first time. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Compile Test.java and create test.jar Below is a build script build.cmd: javac Test.java jar -cvf test.jar Test.class Copy test.jar and attached test.jnlp to some server. Our server in test is www.superpass.de. Run test script below jwstest.cmd: C:\jdk1.6.0\bin\javaws -verbose -uninstall C:\jdk1.6.0\bin\javaws -verbose http://www.superpass.de/test.jnlp pause Press any button to continue C:\jdk1.6.0\bin\javaws -verbose http://www.superpass.de/test.jnlp Check output from the Java console ! EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - Web Start Test 10 equals 10 equals 10 ACTUAL - Web Start Test 10 equals -16 equals -47 Random numbers generated are different in each test run. REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- Test.java: import java.security.SecureRandom; public class Test { public static void main(String[] args) { byte z[] = {0,0} ; String msg = ""; try { byte tmp[] = {0}; SecureRandom random = SecureRandom.getInstance("SHA1PRNG","SUN"); byte seed[] = new byte[1]; seed[0] = 1; random.setSeed(seed); random.nextBytes(tmp); random = null; z[0] = tmp[0]; } catch(Exception e) { e.printStackTrace(); } try { byte tmp[] = {0}; SecureRandom random = SecureRandom.getInstance("SHA1PRNG","SUN"); byte seed[] = new byte[1]; seed[0] = 1; random.setSeed(seed); random.nextBytes(tmp); random = null; z[1] = tmp[0]; } catch(Exception e) { e.printStackTrace(); } msg = "Web Start Test " + 10 + " equals " + z[0] + " equals " + z[1]; System.out.println(msg); } } test.jnlp : <?xml version="1.0" encoding="utf-8"?> <jnlp spec="1.0+" codebase="http://www.superpass.de" href="test.jnlp"> <information> <title>Test</title> <vendor>Test</vendor> <homepage href="http://www.superpass.de"/> <description>Test</description> <description kind="short">Test</description> <offline-allowed/> </information> <resources> <j2se version="1.5+"/> <jar href="test.jar"/> </resources> <resources os="Windows"> </resources> <resources os="Linux"> </resources> <application-desc main-class="Test"/> </jnlp> ---------- END SOURCE ----------
|