Modify

Opened 8 months ago

Closed 8 months ago

#15783 closed defect (fixed)

SecurityException prevents JOSM to start with Java 9 / WebStart

Reported by: Don-vip Owned by: team
Priority: major Milestone: 18.01
Component: Core Webstart Version:
Keywords: security java9 nashorn Cc:

Description

While trying to investigate #15782 I played with WebStart and found a situation when JOSM cannot start with Java 9 (no problem with Java 10, but...)

Non blocking error, only on console:

2018-01-15 23:35:21.567 SEVERE: java.security.KeyStoreException: Windows-ROOT not found. Cause: java.security.NoSuchAlgorithmException: Error constructing KeyStore for Windows-ROOT using SunMSCAPI. Cause: java.lang.SecurityException: attempt to add a Permission to a readonly Permissions object
java.security.KeyStoreException: Windows-ROOT not found
	at java.base/java.security.KeyStore.getInstance(KeyStore.java:878)
	at org.openstreetmap.josm.tools.PlatformHookWindows.getRootKeystore(PlatformHookWindows.java:337)
	at org.openstreetmap.josm.tools.PlatformHookWindows.getX509Certificate(PlatformHookWindows.java:443)
	at org.openstreetmap.josm.io.CertificateAmendment.addMissingCertificates(CertificateAmendment.java:147)
	at org.openstreetmap.josm.gui.MainApplication.mainJOSM(MainApplication.java:966)
	at org.openstreetmap.josm.gui.MainApplication$2.processArguments(MainApplication.java:279)
	at org.openstreetmap.josm.gui.MainApplication.main(MainApplication.java:846)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at jdk.javaws@9.0.1/com.sun.javaws.Launcher.executeApplication(Launcher.java:1741)
	at jdk.javaws@9.0.1/com.sun.javaws.Launcher.executeMainClass(Launcher.java:1677)
	at jdk.javaws@9.0.1/com.sun.javaws.Launcher.doLaunchApp(Launcher.java:1525)
	at jdk.javaws@9.0.1/com.sun.javaws.Launcher.run(Launcher.java:158)
	at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: java.security.NoSuchAlgorithmException: Error constructing KeyStore for Windows-ROOT using SunMSCAPI
	at jdk.crypto.mscapi/sun.security.mscapi.SunMSCAPI$ProviderService.newInstance(SunMSCAPI.java:120)
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
	at java.base/java.security.Security.getImpl(Security.java:697)
	at java.base/java.security.KeyStore.getInstance(KeyStore.java:875)
	... 15 more
Caused by: java.lang.SecurityException: attempt to add a Permission to a readonly Permissions object
	at java.base/java.security.Permissions.add(Permissions.java:128)
	at java.base/java.security.Policy.addStaticPerms(Policy.java:702)
	at java.base/java.security.Policy.getPermissions(Policy.java:689)
	at java.base/java.security.Policy.implies(Policy.java:737)
	at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:323)
	at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:355)
	at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450)
	at java.base/java.security.AccessController.checkPermission(AccessController.java:895)
	at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:558)
	at jdk.javaws@9.0.1/com.sun.javaws.security.JavaWebStartSecurity.checkPermission(JavaWebStartSecurity.java:237)
	at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
	at java.base/java.lang.System.getProperty(System.java:774)
	at jdk.crypto.mscapi/sun.security.mscapi.KeyStore.lambda$new$0(KeyStore.java:205)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at jdk.crypto.mscapi/sun.security.mscapi.KeyStore.<init>(KeyStore.java:204)
	at jdk.crypto.mscapi/sun.security.mscapi.KeyStore$ROOT.<init>(KeyStore.java:62)
	at jdk.crypto.mscapi/sun.security.mscapi.SunMSCAPI$ProviderService.newInstance(SunMSCAPI.java:91)
	... 19 more

Blocking error, JOSM fails to start:

java.lang.SecurityException: attempt to add a Permission to a readonly Permissions object
	at java.base/java.security.Permissions.add(Permissions.java:128)
	at java.base/java.security.Policy.addStaticPerms(Policy.java:702)
	at java.base/java.security.Policy.getPermissions(Policy.java:689)
	at java.base/java.security.Policy.implies(Policy.java:737)
	at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:323)
	at java.base/java.security.ProtectionDomain.impliesCreateAccessControlContext(ProtectionDomain.java:401)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.options.Options.getBooleanProperty(Options.java:154)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.options.Options.getBooleanProperty(Options.java:179)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.Context.<clinit>(Context.java:361)
	at jdk.scripting.nashorn/jdk.nashorn.api.scripting.NashornScriptEngineFactory.getScriptEngine(NashornScriptEngineFactory.java:150)
	at java.scripting/javax.script.ScriptEngineManager.getEngineByName(ScriptEngineManager.java:238)
	at org.openstreetmap.josm.data.validation.tests.OpeningHourTest.<clinit>(OpeningHourTest.java:38)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:488)
	at org.openstreetmap.josm.data.validation.OsmValidator.addTest(OsmValidator.java:151)
	at org.openstreetmap.josm.data.validation.OsmValidator.<clinit>(OsmValidator.java:159)
	at org.openstreetmap.josm.Main$InitializationTask.call(Main.java:254)
	at org.openstreetmap.josm.Main$InitializationTask.call(Main.java:233)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
	at java.base/java.lang.Thread.run(Thread.java:844)

Attachments (0)

Change History (3)

comment:1 Changed 8 months ago by Don-vip

Keywords: nashorn added

comment:2 Changed 8 months ago by Don-vip

In 13331/josm:

see #14097, see #15783 - robustness to situations where JavaScript engine cannot be retrieved, for whatever reason

comment:3 Changed 8 months ago by Don-vip

Resolution: fixed
Status: newclosed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.