JDK-6741349 : Regression: NullPointerException in com.sun.javaws.security.SigningInfo.verifyAllEntriesSign
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 6,6u10
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2008-08-26
  • Updated: 2011-02-16
  • Resolved: 2009-01-30
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6u12 b01Fixed
Related Reports
Duplicate :  
JDK-6735306 - Verifying of signed JAR failed
Relates :  
JDK-6595845 - Java 6 JavaWebstart increases footprint by factor 2
Description
FULL PRODUCT VERSION :
Java Web Start 1.6.0_06
Verwendung der JRE-Version 1.6.0_05 Java HotSpot(TM) Client VM

ADDITIONAL OS VERSION INFORMATION :
>ver

Microsoft Windows XP [Version 5.1.2600]

EXTRA RELEVANT SYSTEM CONFIGURATION :
contents of jnlp-File:

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://www.le32.de:4050">
<information>
  <title>FirstSpirit Client (www.le32.de)</title>
  <vendor>e-Spirit AG</vendor>
  <homepage href="http://firstspirit.de"/>
  <description>FirstSpirit Client (www.le32.de)</description>
  <icon href="../img/FSicon.gif"/>
</information>
<security>
  <all-permissions/>
</security>
<application-desc main-class="de.espirit.firstspirit.client.CMSExplorer"/>
<icon kind="splash" href="../img/logo.jpg"/>
<resources>
  <j2se version="1.5+" max-heap-size="512m"/>
  <jar href="fs-client.jar"/>
  <property name="compression" value="0"/>
  <property name="encryption" value="0"/>
  <property name="host" value="www.le32.de"/>
  <property name="locale" value="de"/>
  <property name="login" value="client"/>
  <property name="login.ticket" value="zx9lbs3rsqy9"/>
  <property name="login.type" value="MAIN"/>
  <property name="maximize" value="false"/>
  <property name="mode" value="HTTP"/>
  <property name="port" value="4050"/>
  <property name="servletZone" value="/"/>
  <property name="sun.java2d.noddraw" value="true"/>
  <property name="url" value="http://www.le32.de:4050"/>
</resources>
</jnlp>

A DESCRIPTION OF THE PROBLEM :
After updating from java 1.6u3 to java 1.6u6 starting of our webstart application fails from time to time with a NullPointerException:

java.lang.NullPointerException
at com.sun.javaws.security.SigningInfo.verifyAllEntriesSigned(Unknown Source)
at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

The jar is signed and pack200

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Starting a webstart application with one large signed jar with java 1.6u6


ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
at com.sun.javaws.security.SigningInfo.verifyAllEntriesSigned(Unknown Source)
at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

webstart error log:

#### Java Web Start Error:
#### null

REPRODUCIBILITY :
This bug can be reproduced occasionally.

CUSTOMER SUBMITTED WORKAROUND :
Use java 1.6u3 or 1.5

Release Regression From : 6u3
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.
Comments
EVALUATION Webrev: http://web-east.east/www/webrevs/ah22606/1.6.0_12/6741349/deploy/ testcase: http://web-east.east/www/tests/1.6.0_12/6741349/ Reviewers: thomas.v.ng, ethan.nicholas Risk: Low
28-10-2008
SUGGESTED FIX updated for 6u12 to include all 5 soft referenced manifest objects: http://web-east.east/www/webrevs/andy/1.6.0_12/6741349/
20-10-2008
SUGGESTED FIX http://web-east.east/www/webrevs/ah22606/1.6.0_11/6741349/deploy/
05-09-2008
EVALUATION when debuging this instance, I see exception at line 130 of SigningInfo.java. This is slightly differant from reports, in method verifyALlSignedEntriesPresent(). This is because ce.getManifest() is returning null. The jar clearly has a manifest, but ce.getManifest() returns null, even though printing out the ce right after shows ce.getManifest returns non-null immeadiately after. possibly caused by big fix to 6595845, which trys to lazily load create only weak references to manifests in 6u6
31-08-2008