JDK-8298108 : Add a regression test for JDK-8297684
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2022-12-05
  • Updated: 2023-01-09
  • Resolved: 2022-12-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 20
17.0.7-oracleFixed 20 b27Fixed
Related Reports
Relates :  
JDK-8298271 - java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
Relates :  
JDK-8269039 - Disable SHA-1 Signed JARs
Relates :  
JDK-8297684 - NullPointerException in JarVerifier prevents JVM from starting
Relates :  
JDK-8280890 - Cannot use '-Djava.system.class.loader' with class loader in signed JAR
Description
JDK-8297684 describes a problem caused by the patch of  JDK-8269039 that got fixed in JDK 19 with JDK-8280890. Since JDK-8269039 got backported to older releases a regression test illustrating the problem independent of JDK-8280890 would be good.

It illustrates that having -Djava.locale.providers=SPI with a custom CalendarDataProvider and any signed JAR in the classpath is enough to trigger the problem as described in JDK-8297684. The scope of JDK-8280890 is a lot narrower and isn't the full story.
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/1608 Date: 2022-12-23 16:57:07 +0000
23-12-2022
Fix Request (17u): Please approve backporting this additional test which verifies that the issue seen in JDK-8297684 is indeed fixed. It should be fixed in 17u with the backport of JDK-8280890 which has been integrated today (Dec 23, 2022). Clean patch. Test only patch, little risk. Requesting for the follow-up, JDK-8298271, as well.
23-12-2022
Fix Request (11u): Please approve backporting this additional test which verifies that the issue seen in JDK-8297684 is indeed fixed. It should be fixed in 11u with the backport of JDK-8280890 which has been integrated today (Dec 23, 2022). Clean patch. Test only patch, little risk. Requesting for the follow-up, JDK-8298271, as well.
23-12-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/977 Date: 2022-12-22 17:03:31 +0000
22-12-2022
Changeset: 4da84116 Author: Severin Gehwolf <sgehwolf@openjdk.org> Date: 2022-12-07 10:46:53 +0000 URL: https://git.openjdk.org/jdk/commit/4da8411674b7515310000bd8243860bc73f9a03d
07-12-2022
On an unpatched system the test fails and produces this stacktrace, matching JDK-8297684, which was seen in the wild: [2022-12-06T11:08:38.837533559Z] Waiting for completion for process 17343 [2022-12-06T11:08:38.837659447Z] Waiting for completion finished for process 17343 [2022-12-06T11:08:38.837832816Z] Waiting for completion for process 17343 [2022-12-06T11:08:38.837926576Z] Waiting for completion finished for process 17343 ----------System.err:(92/7498)---------- stdout: [Debug: Running test ]; stderr: [Exception in thread "main" java.lang.ExceptionInInitializerError at java.base/sun.security.util.DisabledAlgorithmConstraints.jarConstraints(DisabledAlgorithmConstraints.java:112) at java.base/sun.security.pkcs.SignerInfo.<clinit>(SignerInfo.java:61) at java.base/sun.security.pkcs.PKCS7.parseSignedData(PKCS7.java:380) at java.base/sun.security.pkcs.PKCS7.parse(PKCS7.java:174) at java.base/sun.security.pkcs.PKCS7.parse(PKCS7.java:142) at java.base/sun.security.pkcs.PKCS7.<init>(PKCS7.java:124) at java.base/sun.security.util.SignatureFileVerifier.<init>(SignatureFileVerifier.java:118) at java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:308) at java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239) at java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:762) at java.base/java.util.jar.JarFile.getInputStream(JarFile.java:845) at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:187) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.parse(ServiceLoader.java:1172) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1213) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1228) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273) at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309) at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393) at java.base/sun.util.locale.provider.SPILocaleProviderAdapter$1.run(SPILocaleProviderAdapter.java:83) at java.base/sun.util.locale.provider.SPILocaleProviderAdapter$1.run(SPILocaleProviderAdapter.java:76) at java.base/java.security.AccessController.doPrivileged(AccessController.java:569) at java.base/sun.util.locale.provider.SPILocaleProviderAdapter.findInstalledProvider(SPILocaleProviderAdapter.java:76) at java.base/sun.util.locale.provider.AuxLocaleProviderAdapter.getLocaleServiceProvider(AuxLocaleProviderAdapter.java:73) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.findProviders(LocaleServiceProviderPool.java:304) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObjectImpl(LocaleServiceProviderPool.java:274) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObject(LocaleServiceProviderPool.java:256) at java.base/sun.util.locale.provider.CalendarDataUtility.retrieveFirstDayOfWeek(CalendarDataUtility.java:76) at java.base/java.util.Calendar.setWeekCountData(Calendar.java:3397) at java.base/java.util.Calendar.<init>(Calendar.java:1607) at java.base/java.util.GregorianCalendar.<init>(GregorianCalendar.java:738) at java.base/java.util.Calendar$Builder.build(Calendar.java:1492) at java.base/sun.util.locale.provider.CalendarProviderImpl.getInstance(CalendarProviderImpl.java:87) at java.base/java.util.Calendar.createCalendar(Calendar.java:1692) at java.base/java.util.Calendar.getInstance(Calendar.java:1656) at TestSPISigned.doRunTest(TestSPISigned.java:110) at TestSPISigned.main(TestSPISigned.java:75) Caused by: java.lang.NullPointerException: Cannot invoke "sun.security.util.DisabledAlgorithmConstraints.permits(String, java.security.AlgorithmParameters, sun.security.util.ConstraintsParameters, boolean)" because "sun.security.pkcs.SignerInfo.JAR_DISABLED_CHECK" is null at java.base/sun.security.pkcs.SignerInfo.verifyAlgorithms(SignerInfo.java:761) at java.base/sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:324) at java.base/sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:282) at java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:327) at java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239) at java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:762) at java.base/java.util.jar.JarFile.getInputStream(JarFile.java:845) at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:187) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.parse(ServiceLoader.java:1172) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1213) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1228) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273) at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309) at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393) at java.base/sun.util.locale.provider.SPILocaleProviderAdapter$1.run(SPILocaleProviderAdapter.java:83) at java.base/sun.util.locale.provider.SPILocaleProviderAdapter$1.run(SPILocaleProviderAdapter.java:76) at java.base/java.security.AccessController.doPrivileged(AccessController.java:569) at java.base/sun.util.locale.provider.SPILocaleProviderAdapter.findInstalledProvider(SPILocaleProviderAdapter.java:76) at java.base/sun.util.locale.provider.AuxLocaleProviderAdapter.getLocaleServiceProvider(AuxLocaleProviderAdapter.java:73) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.findProviders(LocaleServiceProviderPool.java:304) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObjectImpl(LocaleServiceProviderPool.java:274) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObject(LocaleServiceProviderPool.java:256) at java.base/sun.util.locale.provider.CalendarDataUtility.retrieveFirstDayOfWeek(CalendarDataUtility.java:76) at java.base/java.util.Calendar.setWeekCountData(Calendar.java:3397) at java.base/java.util.Calendar.<init>(Calendar.java:1607) at java.base/java.util.GregorianCalendar.<init>(GregorianCalendar.java:738) at java.base/java.util.Calendar$Builder.build(Calendar.java:1492) at java.base/sun.security.util.DisabledAlgorithmConstraints$DenyAfterConstraint.<init>(DisabledAlgorithmConstraints.java:716) at java.base/sun.security.util.DisabledAlgorithmConstraints$Constraints.<init>(DisabledAlgorithmConstraints.java:428) at java.base/sun.security.util.DisabledAlgorithmConstraints.<init>(DisabledAlgorithmConstraints.java:148) at java.base/sun.security.util.DisabledAlgorithmConstraints.<init>(DisabledAlgorithmConstraints.java:122) at java.base/sun.security.util.DisabledAlgorithmConstraints$JarHolder.<clinit>(DisabledAlgorithmConstraints.java:98) ... 36 more ] exitValue = 1 java.lang.RuntimeException: Expected to get exit value of [0] at jdk.test.lib.process.OutputAnalyzer.shouldHaveExitValue(OutputAnalyzer.java:489) at TestSPISigned.main(TestSPISigned.java:103) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:125) at java.base/java.lang.Thread.run(Thread.java:833) JavaTest Message: Test threw exception: java.lang.RuntimeException: Expected to get exit value of [0] JavaTest Message: shutting down test
06-12-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/11515 Date: 2022-12-05 15:21:51 +0000
05-12-2022