JDK-8314277 : NoClassDefFoundError caused by StackOverflowError, 11.0.20+9, loading signed jar
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 11.0.20-oracle
  • Priority: P3
  • Status: New
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2023-08-10
  • Updated: 2023-08-15
Related Reports
Duplicate :  
Description
ADDITIONAL SYSTEM INFORMATION :
Seen on RHEL 8.x and Windows Server 2019
Occurs with Oracle Java 11.0.20+9.  
Does not occur with OpenJDK distributions based on 11.0.20+8.  
Does occur with OpenJDK distibutions based on pre-release 11.0.21

A DESCRIPTION OF THE PROBLEM :
The original error we saw was "java.lang.NoClassDefFoundError: Could not initialize class java.time.zone.ZoneRulesProvider"  
Attaching a debugger (& having it break on exceptions) showed that the NoClassDefFoundError was caused by an underlying StackOverflowError having to do with class loading and jar file validation (signing?):
----------------------------------------------
2023/07/28 13:29:57.807 | INFO | jvm 2 | java.lang.ExceptionInInitializerError: Exception java.lang.StackOverflowError [in thread "main"]
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.security.AccessController.doPrivileged(Native Method)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/jdk.internal.logger.LazyLoggers.accessLoggerFinder(LazyLoggers.java:340) 2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/jdk.internal.logger.LazyLoggers.lambda$getLoggerFromFinder$0(LazyLoggers.java:392)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.security.AccessController.doPrivileged(Native Method)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.security.AccessController.doPrivileged(AccessController.java:430)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/jdk.internal.logger.LazyLoggers.getLoggerFromFinder(LazyLoggers.java:391)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/jdk.internal.logger.LazyLoggers.getLazyLogger(LazyLoggers.java:444) 
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/jdk.internal.logger.LazyLoggers.getLogger(LazyLoggers.java:414)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.lang.System.getLogger(System.java:1673)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/jdk.internal.event.EventHelper.isLoggingSecurity(EventHelper.java:145) 
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/sun.security.jca.JCAUtil.tryCommitCertEvent(JCAUtil.java:104)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:356)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/sun.security.pkcs.PKCS7.parseSignedData(PKCS7.java:302)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/sun.security.pkcs.PKCS7.parse(PKCS7.java:160)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/sun.security.pkcs.PKCS7.parse(PKCS7.java:128)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/sun.security.pkcs.PKCS7.<init>(PKCS7.java:110)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/sun.security.util.SignatureFileVerifier.<init>(SignatureFileVerifier.java:123)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:308)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239)
2023/07/28 13:29:57.807 | INFO | jvm 2 | at java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:765)
2023/07/28 13:29:57.808 | INFO | jvm 2 | at java.base/java.util.jar.JarFile.getInputStream(JarFile.java:853) 

REGRESSION : Last worked in version 11

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Our Java application consists of a number of signed jars with permissions configured via a jaas.policy files.  The application fails to start up under Oracle Java 11.0.12 with a NoClassDefFoundError.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Our signed jars are verified successfully and application starts normally
ACTUAL -
Application fails to start, due to errors listed above

CUSTOMER SUBMITTED WORKAROUND :
When the java.security.manager and java.security.policy system properties are removed, the application starts successfully.

FREQUENCY : always



Comments
It looks like a duplicate of JDK-8314263.
15-08-2023