<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">At Entrust Datacard, we produce a Java based toolkit that contains our own Security Provider. This toolkit and provider has been around for about 19 years.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In JDK version 11.07 (and I also think Java 12 and beyond), our toolkit reports the following error:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt">java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: X9_31usingAES256, provider: Entrust, class: com.entrust.toolkit.security.crypto.random.X9_31usingAES256)<br>
at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:281)<br>
at java.base/java.security.SecureRandom.<init>(SecureRandom.java:219)<br>
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:80)<br>
... 41 more<br>
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: X9_31usingAES256, provider: Entrust, class: com.entrust.toolkit.security.crypto.random.X9_31usingAES256)<br>
at java.base/java.security.Provider$Service.newInstance(Provider.java:1825)<br>
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)<br>
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)<br>
at java.base/java.security.SecureRandom.getInstance(SecureRandom.java:365)<br>
at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:273)<br>
... 43 more<br>
Caused by: java.lang.NullPointerException<br>
<span style="background:yellow;mso-highlight:yellow">at java.base/javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:203)</span><br>
at java.base/javax.crypto.Cipher.getInstance(Cipher.java:690)<br>
at java.base/javax.crypto.Cipher.getInstance(Cipher.java:625)<br>
at com.entrust.toolkit.security.crypto.random.X9_31usingAES256.initialize(X9_31usingAES256.java:524)<br>
at com.entrust.toolkit.security.crypto.random.X9_31usingAES256.<init>(X9_31usingAES256.java:102)<br>
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)<br>
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)<br>
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)<br>
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)<br>
at java.base/java.security.Provider.newInstanceUtil(Provider.java:176)<br>
at java.base/java.security.Provider$Service.newInstance(Provider.java:1818)<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I investigated this error, and found it was made possible because of the following change in Java 11.07 which unmasked a bug in the JVM that has probably been around for years.<o:p></o:p></p>
<p class="MsoNormal"><a href="https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8228613" target="_blank">https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8228613</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It is a problem inside the JceSecurity class. When the class is being loaded, the call to setup a default SecureRandom() instance is invoked. That seems to invoke the JVM to find the first available SecureRandom() instance. This
error happens when our Entrust provider is in first position. In previous versions of the JDK it honoured the order of algorithms specified in the providers. In our Entrust Security provider, we have a number of SecureRandom implementations. Now because
of the above change, it picks a different SecureRandom instance (the X9_31usingAES256). That should be fine, however the problem is that the SecureRandom() setup calls Cipher.getInstance() and as you can see below, that calls JceSecurity.getVerificationResult()
which is static, and uses the verificationResuts Map that has not yet been initialized (becasuse it’s declaration is after the SecureRandom setup). That is why there is a NullPointerException.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">public</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">static</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">final</span></b><span style="font-size:10.0pt;font-family:"Courier New""> Cipher getInstance(String transformation,<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> Provider provider)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">throws</span></b><span style="font-size:10.0pt;font-family:"Courier New""> NoSuchAlgorithmException, NoSuchPaddingException<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> ((transformation ==
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) || transformation.equals(</span><span style="font-size:10.0pt;font-family:"Courier New";color:#2A00FF">""</span><span style="font-size:10.0pt;font-family:"Courier New"">))
{<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">throw</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">new</span></b><span style="font-size:10.0pt;font-family:"Courier New""> NoSuchAlgorithmException(</span><span style="font-size:10.0pt;font-family:"Courier New";color:#2A00FF">"Null
or empty transformation"</span><span style="font-size:10.0pt;font-family:"Courier New"">);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (provider ==
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">throw</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">new</span></b><span style="font-size:10.0pt;font-family:"Courier New""> IllegalArgumentException(</span><span style="font-size:10.0pt;font-family:"Courier New";color:#2A00FF">"Missing
provider"</span><span style="font-size:10.0pt;font-family:"Courier New"">);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> Exception failure =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> List<Transform> transforms = getTransforms(transformation);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">boolean</span></b><span style="font-size:10.0pt;font-family:"Courier New""> providerChecked =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">false</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> String paddingError =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">for</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (Transform tr : transforms) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> Service s = provider.getService(</span><span style="font-size:10.0pt;font-family:"Courier New";color:#2A00FF">"Cipher"</span><span style="font-size:10.0pt;font-family:"Courier New"">,
tr.transform);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (s ==
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">continue</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (providerChecked ==
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">false</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// for compatibility, first do the lookup and then verify</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// the provider. this makes the difference between a NSAE</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// and a SecurityException if the</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// provider does not support the algorithm.</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";background:#DBEBCC">
<span style="background:yellow;mso-highlight:yellow">Exception ve = JceSecurity.getVerificationResult(provider);</span></span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> </span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
(ve != </span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> String msg =
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#2A00FF">"JCE cannot authenticate the provider "</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> + provider.getName();<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">throw</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">new</span></b><span style="font-size:10.0pt;font-family:"Courier New""> SecurityException(msg, ve);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> providerChecked =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">true</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">The JceSecurity.getVerificationResult(provider) method is used when initializing the SecureRandom (first highlighted line below) when the classLoader is loading the JceSecurity class
itself. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">From the JceSecurity class:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">static</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">final</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow"> SecureRandom RANDOM =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">new</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow"> SecureRandom();</span><span style="font-size:10.0pt;font-family:"Courier New";color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// The defaultPolicy and exemptPolicy will be set up</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// in the static initializer.</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">private</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">static</span></b><span style="font-size:10.0pt;font-family:"Courier New""> CryptoPermissions defaultPolicy =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">private</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">static</span></b><span style="font-size:10.0pt;font-family:"Courier New""> CryptoPermissions exemptPolicy =
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> </span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// Map<Provider,?> of the providers we already have verified</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// value == PROVIDER_VERIFIED is successfully verified</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// value is failure cause Exception in error case</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";background:#DBEBCC">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">private</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">static</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">final</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow"> Map<Provider, Object> verificationResults
=<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055;background:yellow;mso-highlight:yellow">new</span></b><span style="font-size:10.0pt;font-family:"Courier New";background:yellow;mso-highlight:yellow"> IdentityHashMap<>();</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">It fails when it calls the following code in JceSecurity.java because the verificationResults Map<Provider, Object> has not been initialized because the SecureRandom() constructor
ends up calling the JceSecurity.getVerificationResult() static method that makes use of the Map! That explains the NullPointerException.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">The fix to the issue should be simple, just move the initialization of the verificationResults Map BEFORE the SecureRandom initialization in JceSecurity.java<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">Because verificationResults is not initialized, the line highlighted below fails (Because the Map has not been initialized).<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">/*</span><span style="font-size:10.0pt;font-family:"Courier New";color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F"> * Verify that the provider JAR files are signed properly, which</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F"> * means the signer's certificate can be traced back to a</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F"> * JCE trusted CA.</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F"> * Return null if ok, failure Exception if verification failed.</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F"> */</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">static</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">synchronized</span></b><span style="font-size:10.0pt;font-family:"Courier New""> Exception getVerificationResult(Provider p) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";background:#C6DBAE">
<span style="background:yellow;mso-highlight:yellow">Object o = verificationResults.get(p);</span></span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (o == PROVIDER_VERIFIED) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">return</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">else</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (o !=
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">return</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (Exception)o;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">if</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (verifyingProviders.get(p) !=
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// this method is static synchronized, must be recursion</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// return failure now but do not save the result</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">return</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">new</span></b><span style="font-size:10.0pt;font-family:"Courier New""> NoSuchProviderException(</span><span style="font-size:10.0pt;font-family:"Courier New";color:#2A00FF">"Recursion
during verification"</span><span style="font-size:10.0pt;font-family:"Courier New"">);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">try</span></b><span style="font-size:10.0pt;font-family:"Courier New""> {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> verifyingProviders.put(p, Boolean.FALSE);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> URL providerURL = getCodeBase(p.getClass());<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> verifyProvider(providerURL, p);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><span style="font-size:10.0pt;font-family:"Courier New";color:#3F7F5F">// Verified ok, cache result</span><span style="font-size:10.0pt;font-family:"Courier New""><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> verificationResults.put(p, PROVIDER_VERIFIED);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">return</span></b><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">null</span></b><span style="font-size:10.0pt;font-family:"Courier New"">;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">catch</span></b><span style="font-size:10.0pt;font-family:"Courier New""> (Exception e) {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> verificationResults.put(p, e);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">return</span></b><span style="font-size:10.0pt;font-family:"Courier New""> e;<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }
</span><b><span style="font-size:10.0pt;font-family:"Courier New";color:#7F0055">finally</span></b><span style="font-size:10.0pt;font-family:"Courier New""> {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> verifyingProviders.remove(p);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">John Gray<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""> <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>