JDK-8023745 : sun.security.pkcs11.ConfigurationException: Unexpected value Token ['(']
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7u25
  • Priority: P3
  • Status: Resolved
  • Resolution: Duplicate
  • OS: windows_7
  • Submitted: 2013-08-26
  • Updated: 2013-08-28
  • Resolved: 2013-08-27
Related Reports
Duplicate :  
JDK-7196009 - SunPkcs11 provider fails to parse config path containing parenthesis
Relates :  
JDK-6581254 - pkcs11 provider fails to parse configuration file contains windows short path
Description
FULL PRODUCT VERSION :
java version "1.7.0_13"
Java(TM) SE Runtime Environment (build 1.7.0_13-b20)
Java HotSpot(TM) Client VM (build 23.7-b01, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Versi??n 6.1.7601]
(Windows 7 64bits)

A DESCRIPTION OF THE PROBLEM :
When connecting to PKCS#11 module installed on system as a DLL, it has problems parsing the full path (C:\Program Files (x86)\Classic Client\...)
Also happens whith paths containing ??, ??...??...

Note we are not using short paths!

Related to:
https://forums.oracle.com/thread/2239946

Happens since Java 6 (almost since 6_10). We have made all progress possible until now. (Actually we cant do more)



REGRESSION.  Last worked in version 6u43

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to connect to pkcs#11 module located on a valid named path.

Just place a dummy file (not even a pkcs#11 library) and try to connect to it using provided code.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Java should be able to connect to provided PKCS#11 module.
ACTUAL -
Parser doesnt like some common characters. See for example this trace:

Using: C:\Users\Jos?? Miguel\Desktop\mypkcs11.dll
ago 18, 2013 10:58:03 AM myApplet.Library loadCertificatesFromKeystore
WARNING: Security Provider:
java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:88)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:128)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
at myApplet.Library.loadCertificatesFromKeystore(Library.java:1205)
at myApplet.MyDialog$9.run(MyDialog.java:372)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)
at java.awt.Dialog.show(Unknown Source)
at java.awt.Component.show(Unknown Source)
at java.awt.Component.setVisible(Unknown Source)
at java.awt.Window.setVisible(Unknown Source)
at java.awt.Dialog.setVisible(Unknown Source)
at myApplet.Library$4.run(Library.java:1543)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: sun.security.pkcs11.ConfigurationException: Unexpected value Token['??'], line 2
at sun.security.pkcs11.Config.excToken(Config.java:367)
at sun.security.pkcs11.Config.parseLine(Config.java:583)
at sun.security.pkcs11.Config.parseLibrary(Config.java:647)
at sun.security.pkcs11.Config.parse(Config.java:390)
at sun.security.pkcs11.Config.<init>(Config.java:216)
at sun.security.pkcs11.Config.getConfig(Config.java:84)
... 40 more

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java Plugin 10.11.2.21
Usando versi??n de JRE 1.7.0_11-b21 Java HotSpot(TM) Client VM
Directorio ra??z del usuario = C:\Users\Jos?? Miguel
----------------------------------------------------
c:   borrar ventana de consola
f:   finalizar objetos en la cola de finalizaci??n
g:   recopilaci??n de basura
h:   mostrar este mensaje de ayuda
l:   volcar lista de classloader
m:   imprimir uso de memoria
o:   disparar registro
q:   ocultar consola
r:   recargar configuraci??n de pol??tica
s:   volcar propiedades del sistema y de despliegue
t:   volcar lista de threads
v:   volcar pila de threads
x:   borrar cach?? de classloader
0-5: definir nivel de rastreo en <n>
----------------------------------------------------
Cargando certificados desde almac??n.
userAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Path: C:\Program Files (x86)\tmp\mypkcs11.dll
ago 18, 2013 10:58:03 AM myApplet.Library getCertificatesPKCS11
WARNING: Security Provider:
java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:88)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:128)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
at myApplet.Library.getCertificatesPKCS11(Library.java:344)
at myApplet.MyDialog$9.run(MyDialog.java:372)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)
at java.awt.Dialog.show(Unknown Source)
at java.awt.Component.show(Unknown Source)
at java.awt.Component.setVisible(Unknown Source)
at java.awt.Window.setVisible(Unknown Source)
at java.awt.Dialog.setVisible(Unknown Source)
at myApplet.Library$4.run(Library.java:1543)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: sun.security.pkcs11.ConfigurationException: Unexpected value Token['('], line 2
at sun.security.pkcs11.Config.excToken(Config.java:367)
at sun.security.pkcs11.Config.parseLine(Config.java:583)
at sun.security.pkcs11.Config.parseLibrary(Config.java:647)
at sun.security.pkcs11.Config.parse(Config.java:390)
at sun.security.pkcs11.Config.<init>(Config.java:216)
at sun.security.pkcs11.Config.getConfig(Config.java:84)
... 41 more

Path: C:\Users\Jos?? Miguel\Desktop\mypkcs11.dll
ago 18, 2013 10:58:03 AM myApplet.Library getCertificatesPKCS11
WARNING: Security Provider:
java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:88)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:128)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
at myApplet.Library.getCertificatesPKCS11(Library.java:344)
at myApplet.MyDialog$9.run(MyDialog.java:372)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)
at java.awt.Dialog.show(Unknown Source)
at java.awt.Component.show(Unknown Source)
at java.awt.Component.setVisible(Unknown Source)
at java.awt.Window.setVisible(Unknown Source)
at java.awt.Dialog.setVisible(Unknown Source)
at myApplet.Library$4.run(Library.java:1543)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: sun.security.pkcs11.ConfigurationException: Unexpected value Token['??'], line 2
at sun.security.pkcs11.Config.excToken(Config.java:367)
at sun.security.pkcs11.Config.parseLine(Config.java:583)
at sun.security.pkcs11.Config.parseLibrary(Config.java:647)
at sun.security.pkcs11.Config.parse(Config.java:390)
at sun.security.pkcs11.Config.<init>(Config.java:216)
at sun.security.pkcs11.Config.getConfig(Config.java:84)
... 40 more


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.security.Security;
import sun.security.pkcs11.SunPKCS11;


public class MyClass {
    public void run() {
        String libName="ONE";
        String file="C:\Program Files (x86)\tmp\mypkcs11.dll";
        String config = "name = " + libName + "\r
" + "library = " + file + "\r
";
        SunPKCS11 provider = (SunPKCS11) Security.getProvider("SunPKCS11-" + libName);
        provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
//exception
        libName="TWO";
        file="C:\Users\Jos?? Miguel\Desktop\mypkcs11.dll";
        config = "name = " + libName + "\r
" + "library = " + file + "\r
";
        provider = (SunPKCS11) Security.getProvider("SunPKCS11-" + libName);
        provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
//exception
    }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Review the Config parser to include ??, ??...or any other filesystem supported character.
Comments
7196009
27-08-2013
JDK-6581254 is a similar (though fix doesn't address this issue) file parsing issue on Windows that was fixed in 7/8.
27-08-2013
Once I see SQE-OK - I will approve this P3 deferral. Also - please add the target release.
27-08-2013
Requesting for 7u40 deferral. Submitter has noted that this isn't a new problem but existed in JDK 6, workaround also noted in the bug.
27-08-2013