FULL PRODUCT VERSION : java version "1.8.0_121" Java(TM) SE Runtime Environment (build 1.8.0_121-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode) --- current upstream OpenJDK 9 affected too ADDITIONAL OS VERSION INFORMATION : Linux dhcp-10-40-4-225.brq.redhat.com 4.13.16-302.fc27.x86_64 #1 SMP Thu Nov 30 15:33:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux A DESCRIPTION OF THE PROBLEM : The SunNativeProvider.INSTANCE is initialized before the hashmap MECH_MAP, so it is initialized with empy list of supported mechanism. When trying to acceptSecContext, it fails on exception of unsupported mechanism: GSSException: Provider SunNativeGSS does not support mechanism 1.2.840.113554.1.2.2 at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:253) at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:209) at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:234) at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:337) at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:302) There is trivial fix, which also fixed the problem for me when applied on upstream OpenJDK 9: diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java --- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java @@ -54,7 +54,7 @@ private static final String LIB_PROP = "sun.security.jgss.lib"; private static final String DEBUG_PROP = "sun.security.nativegss.debug"; private static HashMap<String, String> MECH_MAP; - static final Provider INSTANCE = new SunNativeProvider(); + static boolean DEBUG; static void debug(String message) { if (DEBUG) { @@ -119,6 +119,8 @@ }); } + static final Provider INSTANCE = new SunNativeProvider(); + public SunNativeProvider() { /* We are the Sun NativeGSS provider */ super(NAME, PROVIDER_VER, INFO); REGRESSION. Last worked in version 8u151 STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Try to acceptSecContext when native GSS is used. REPRODUCIBILITY : This bug can be reproduced always. CUSTOMER SUBMITTED WORKAROUND : I was not able to find workaround without patching OpenJDK source (patch above)
|