JDK-8352728 : InternalError loading java.security due to Windows parent folder permissions
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 24
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • OS: windows
  • CPU: x86_64
  • Submitted: 2025-03-24
  • Updated: 2025-03-24
Description
If jdk-24 on Windows x64 is installed within a sub-folder of a parent for which your "users" does not have access, then when java.security is accessed a java.lang.InternalError is generated.

Re-create:
1. Create a Windows file system setup with the following security:
- c:\parent_folder : No user permissions
-     c:\parent_folder\jdk\jdk-24 : JDK HOME folder, with user permissions
2. Run a testcase that causes c:\parent_folder\jdk\jdk-24\conf\security\java.security to be loaded, eg:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;


public class md5test {
    public static void main(String[] args) {
        String message = "Text";
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(message.getBytes());
            byte[] digest = md.digest();
            System.out.println("Message: " + message);
            System.out.println("SHA-256 Hash: " + bytesToHex(digest));
        } catch (NoSuchAlgorithmException e) {
            System.err.println("Error: SHA-256 algorithm not available.");
            e.printStackTrace();
        }
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}

Run testcase, fails as follows:
Exception in thread "main" java.lang.InternalError: Error loading java.security file
        at java.base/java.security.Security$SecPropLoader.loadMaster(Security.java:142)
        at java.base/java.security.Security$SecPropLoader.loadAll(Security.java:120)
        at java.base/java.security.Security.initialize(Security.java:326)
        at java.base/java.security.Security.<clinit>(Security.java:315)
        at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:170)
        at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:89)
        at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:144)
        at java.base/java.security.MessageDigest.getInstance(MessageDigest.java:185)
        at md5test.main(md5test.java:10)
Caused by: java.nio.file.AccessDeniedException: C:\parent_folder\jdk\jdk-24\conf\security\java.security
        at java.base/sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:89)
        at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:96)
        at java.base/sun.nio.fs.WindowsLinkSupport.getRealPath(WindowsLinkSupport.java:280)
        at java.base/sun.nio.fs.WindowsPath.toRealPath(WindowsPath.java:907)
        at java.base/sun.nio.fs.WindowsPath.toRealPath(WindowsPath.java:42)
        at java.base/java.security.Security$SecPropLoader.loadFromPath(Security.java:269)
        at java.base/java.security.Security$SecPropLoader.loadMaster(Security.java:139)
        ... 9 more
Comments
Note this passes on jdk-23.0.2+7, so is a regression.
24-03-2025