Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenWebstart get stuck on certificate selection screen (multi-threading with event dispatch thread hack) #962

Open
merkisoft opened this issue Nov 25, 2024 · 1 comment
Open

OpenWebstart get stuck on certificate selection screen (multi-threading with event dispatch thread hack) #962

merkisoft opened this issue Nov 25, 2024 · 1 comment

Comments

@merkisoft
Copy link

I was able to reproduce this with a self-issued certificate on localhost.

The problem exists when doing a backend call in a SwingUtilities.invokeLater at the same time as a background thread calls a the backend to the server with a broken certificate.

Result: the certificate dialog and the UI are completely frozen.

Now it's super easy to reproduce, see my comment:
karakun/OpenWebStart#594 (comment)

I suspect that the locking does not work properly in this case, in the following section:

IcedTea-Web/core/src/main/java/net/adoptopenjdk/icedteaweb/client/parts/dialogs/security/SecurityDialogs.java

Line 305 in d841424

if (SwingUtils.isEventDispatchThread()) { 

            message.lock = null;    
...

            // background thread
            message.lock = new Semaphore(0);
            ...
            message.lock.acquire();

and most likely both call JNLPRuntime.getSecurityDialogHandler().postMessage(message);

btw this issue was first raised here: karakun/OpenWebStart#594
but the broken code is in this repo (14 year old code ... :-))
@merkisoft merkisoft mentioned this issue Nov 25, 2024
Open
@merkisoft
Copy link
Author

merkisoft commented Nov 25, 2024
edited
Loading

i hooked up the debugger and found:

"AWT-EventQueue-1@4187" prio=6 tid=0x30 nid=NA waiting for monitor entry
  java.lang.Thread.State: BLOCKED
	 waiting for Kursverwaltung@4178 to release lock on <0x168a> (a net.sourceforge.jnlp.security.VariableX509TrustManager)
	  at net.sourceforge.jnlp.security.VariableX509TrustManager.checkTrustServer(VariableX509TrustManager.java:191)

checkTrustServer is synchronized and blocking the AWT EventQueue-1
(Kursverwaltung is the "main/background" thread - it's the name of jnlp project)

using adoptium_11.0.23_x64

full thread dump:

  java.lang.Thread.State: BLOCKED
	 waiting for Kursverwaltung@4178 to release lock on <0x168a> (a net.sourceforge.jnlp.security.VariableX509TrustManager)
	  at net.sourceforge.jnlp.security.VariableX509TrustManager.checkTrustServer(VariableX509TrustManager.java:191)
	  at net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7.checkTrustServer(VariableX509TrustManagerJDK7.java:104)
	  at net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7.checkServerTrusted(VariableX509TrustManagerJDK7.java:70)
	  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
	  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
	  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
	  at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	  at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	  at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	  at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
	  at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	  at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511)
	  at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
	  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
	  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
	  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580)
	  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201)
	  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1614)
	  - locked <0x16a5> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	  at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1534)
	  at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1532)
	  at java.security.AccessController.doPrivileged(AccessController.java:-1)
	  at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:795)
	  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1531)
	  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
	  - locked <0x16a6> (a sun.net.www.protocol.https.HttpsURLConnectionImpl)
	  at java.net.URL.openStream(URL.java:1165)
	  at CertTest.call(CertTest.java:39)
	  at CertTest.lambda$main$0(CertTest.java:29)


"Kursverwaltung@4178" prio=5 tid=0x2e nid=NA waiting
  java.lang.Thread.State: WAITING
	 blocks AWT-EventQueue-1@4187
	  at jdk.internal.misc.Unsafe.park(Unsafe.java:-1)
	  at java.util.concurrent.locks.LockSupport.park(LockSupport.java:194)
	  at java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt(AbstractQueuedSynchronizer.java:885)
	  at java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireSharedInterruptibly(AbstractQueuedSynchronizer.java:1039)
	  at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireSharedInterruptibly(AbstractQueuedSynchronizer.java:1345)
	  at java.util.concurrent.Semaphore.acquire(Semaphore.java:318)
	  at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialogs.getUserResponse(SecurityDialogs.java:350)
	  at net.adoptopenjdk.icedteaweb.client.parts.dialogs.security.SecurityDialogs.showCertWarningDialog(SecurityDialogs.java:165)
	  at net.sourceforge.jnlp.security.VariableX509TrustManager$1.run(VariableX509TrustManager.java:397)
	  at net.sourceforge.jnlp.security.VariableX509TrustManager$1.run(VariableX509TrustManager.java:394)
	  at java.security.AccessController.doPrivileged(AccessController.java:-1)
	  at net.sourceforge.jnlp.security.VariableX509TrustManager.askUser(VariableX509TrustManager.java:394)
	  at net.sourceforge.jnlp.security.VariableX509TrustManager.checkTrustServer(VariableX509TrustManager.java:227)
	  - locked <0x168a> (a net.sourceforge.jnlp.security.VariableX509TrustManager)
	  at net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7.checkTrustServer(VariableX509TrustManagerJDK7.java:104)
	  at net.sourceforge.jnlp.security.VariableX509TrustManagerJDK7.checkServerTrusted(VariableX509TrustManagerJDK7.java:70)
	  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
	  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
	  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
	  at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	  at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	  at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	  at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
	  at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	  at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511)
	  at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
	  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
	  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
	  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580)
	  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201)
	  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1614)
	  - locked <0x16a3> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	  at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1534)
	  at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1532)
	  at java.security.AccessController.doPrivileged(AccessController.java:-1)
	  at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:795)
	  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1531)
	  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
	  - locked <0x16a4> (a sun.net.www.protocol.https.HttpsURLConnectionImpl)
	  at java.net.URL.openStream(URL.java:1165)
	  at CertTest.call(CertTest.java:39)
	  at CertTest.main(CertTest.java:32)

if you read this far: I found a potentially hack to simply overcome this problem for my clients, but it's completely incorrect - hence I'm not publishing that here... send me a message if you want to know more :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@merkisoft