sslcontext-kickstart

Loading the keystore takes a very long time in some rare cases

Open nquinquenel opened this issue 5 months ago • 7 comments

Hi, this is more a behavior report than a bug, but it could be valuable to share.

Describe the bug

When loading a keystore, it may get stuck on some rare occasions. It can get stuck for 1, 2, 5, 10 minutes, or indefinitely, as reported by the user.

To Reproduce

The only reported issue was found on Windows 10. Whenever the user tried to initialize our HTTP client, it got stuck. We retrieved the following stack trace from this user's thread dump:

	at platform/[email protected]/sun.security.mscapi.CKeyStore.loadKeysOrCertificateChains(Native Method)
	at platform/[email protected]/sun.security.mscapi.CKeyStore.engineLoad(CKeyStore.java:734)
	at platform/[email protected]/sun.security.mscapi.CKeyStore$MY.engineLoad(CKeyStore.java:60)
	at [email protected]/java.security.KeyStore.load(KeyStore.java:1473)
	at nl.altindag.ssl.util.KeyStoreUtils.createKeyStore(KeyStoreUtils.java:150)
	at nl.altindag.ssl.util.KeyStoreUtils.createKeyStoreIfAvailable(KeyStoreUtils.java:260)
	at nl.altindag.ssl.util.KeyStoreUtils.lambda$loadSystemKeyStores$1(KeyStoreUtils.java:233)
	at nl.altindag.ssl.util.KeyStoreUtils$$Lambda$1986/0x0000000801397048.apply(Unknown Source)
	at [email protected]/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at [email protected]/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
	at [email protected]/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at [email protected]/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at [email protected]/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at [email protected]/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at [email protected]/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at [email protected]/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
	at nl.altindag.ssl.util.KeyStoreUtils.loadSystemKeyStores(KeyStoreUtils.java:236)
	at nl.altindag.ssl.util.TrustManagerUtils.createTrustManagerWithSystemTrustedCertificates(TrustManagerUtils.java:89)
	at nl.altindag.ssl.SSLFactory$Builder.withSystemTrustMaterial(SSLFactory.java:209)

Expected behavior

We would expect the loading of the keystore to take a short time.

Environmental Data:

  • Java 17
  • Windows 10
  • Issue happens when using SonarLint (in which we embed the sslcontext-kickstart library) at IDE startup (when the HTTP client is initialized)

Additional context

The issue fixed itself, but the user does not know why. Apparently, nothing was changed.

We saw this JDK bug report mentioning that, on Windows, it may ask for a specific privilege to read the certificates, which could explain the issue the user had. Perhaps it is asking for credentials to read the certificate, and the user might have missed it, or it wasn't proposed at all. So far, this is our only guess.

nquinquenel, Jan 16 '24 08:01
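One way an embedding application can bound the `KeyStore.load` call seen in the stack trace, so that a stalled Windows certificate store cannot block startup indefinitely. This is an added example, not code from sslcontext-kickstart or SonarLint; the class `BoundedKeyStoreLoader`, the method `loadWithTimeout` and the 10-second limit are hypothetical, and `Windows-ROOT`/`Windows-MY` are the SunMSCAPI keystore types.

```java
import java.security.KeyStore;
import java.time.Duration;
import java.util.Optional;
import java.util.concurrent.*;

public final class BoundedKeyStoreLoader {

    // Hypothetical helper: loads a system keystore type but gives up after `timeout`.
    static Optional<KeyStore> loadWithTimeout(String type, Duration timeout) {
        ExecutorService executor = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "keystore-loader-" + type);
            t.setDaemon(true); // a load stuck in native code must not block JVM exit
            return t;
        });
        Future<KeyStore> future = executor.submit(() -> {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(null, null); // the call that blocks in the reported stack trace
            return keyStore;
        });
        try {
            return Optional.of(future.get(timeout.toMillis(), TimeUnit.MILLISECONDS));
        } catch (TimeoutException e) {
            future.cancel(true); // best effort; a native call does not react to interrupts
            System.err.println("Loading " + type + " exceeded " + timeout + ", skipping it");
            return Optional.empty();
        } catch (ExecutionException e) {
            // e.g. KeyStoreException when the type is not available on this platform
            System.err.println("Cannot load " + type + ": " + e.getCause());
            return Optional.empty();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Optional.empty();
        } finally {
            executor.shutdown();
        }
    }

    public static void main(String[] args) {
        for (String type : new String[] {"Windows-ROOT", "Windows-MY"}) {
            Optional<KeyStore> keyStore = loadWithTimeout(type, Duration.ofSeconds(10));
            System.out.println(type + " loaded: " + keyStore.isPresent());
        }
    }
}
```

A store that times out is skipped, so connections that depend on its certificates fail validation instead of being trusted without it. The stalled loader thread stays alive until the native call returns, which is why it is created as a daemon thread.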