Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JTreg security test fails due to unexpected 401 return code from test server #2990

Closed
ben-walsh opened this issue Sep 24, 2018 · 26 comments · Fixed by #3051
Closed

JTreg security test fails due to unexpected 401 return code from test server #2990

ben-walsh opened this issue Sep 24, 2018 · 26 comments · Fixed by #3051
Labels
comp:vm test failure
Milestone
Release 0.10.0

Comments

@ben-walsh
Copy link
Contributor

ben-walsh commented Sep 24, 2018
edited
Loading

Test test8077155 of test/jdk/sun/security/krb5/auto/HttpNegotiateServer.java fails with the following exception stack when run against OpenJ9. No such error occurs when run against Hotspot ...

Expecting to succeed when executing with the the logged in subject.
GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)))
	at java.security.jgss/sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:453)
	at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:266)
	at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
	at java.security.jgss/sun.net.www.protocol.http.spnego.NegotiatorImpl.init(NegotiatorImpl.java:108)
	at java.security.jgss/sun.net.www.protocol.http.spnego.NegotiatorImpl.<init>(NegotiatorImpl.java:117)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at java.base/sun.net.www.protocol.http.Negotiator.getNegotiator(Negotiator.java:65)
	at java.base/sun.net.www.protocol.http.NegotiateAuthentication.firstToken(NegotiateAuthentication.java:234)
	at java.base/sun.net.www.protocol.http.NegotiateAuthentication.setHeaders(NegotiateAuthentication.java:209)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:2564)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1755)
	at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1501)
	at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1499)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:904)
	at java.base/java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:946)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
	at HttpNegotiateServer.testConnect(HttpNegotiateServer.java:293)
	at HttpNegotiateServer$3.run(HttpNegotiateServer.java:381)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:732)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
	at HttpNegotiateServer.test8077155(HttpNegotiateServer.java:390)
	at HttpNegotiateServer.main(HttpNegotiateServer.java:237)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
	at java.base/java.lang.Thread.run(Thread.java:825)
Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:344)
	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:145)
	at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
	at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:191)
	at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
	at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
	at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
	at java.security.jgss/sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
	at java.security.jgss/sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:316)
	... 30 more
Caused by: javax.security.auth.login.LoginException: No password provided
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:896)
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
	at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:732)
	at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
	at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
	at java.security.jgss/sun.security.jgss.GSSUtil.login(GSSUtil.java:258)
	at java.security.jgss/sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:158)
	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:336)
	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:332)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:696)
	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:331)
	... 38 more
java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 401 for URL: http://host.web.domain:39824/a/b/c
	at HttpNegotiateServer.testConnect(HttpNegotiateServer.java:302)
	at HttpNegotiateServer$3.run(HttpNegotiateServer.java:381)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:732)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
	at HttpNegotiateServer.test8077155(HttpNegotiateServer.java:390)
	at HttpNegotiateServer.main(HttpNegotiateServer.java:237)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
	at java.base/java.lang.Thread.run(Thread.java:825)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://host.web.domain:39824/a/b/c
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1913)
	at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1501)
	at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1499)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:904)
	at java.base/java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:946)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
	at HttpNegotiateServer.testConnect(HttpNegotiateServer.java:293)
	... 11 more
java.lang.RuntimeException: Test error
	at HttpNegotiateServer.main(HttpNegotiateServer.java:244)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
	at java.base/java.lang.Thread.run(Thread.java:825)

The unexpected 401 response code is returned from the test server despite using the correct username and password to authenticate.

This is a regression test added alongisde the fix that went in for this OpenJDK bug - https://bugs.openjdk.java.net/browse/JDK-8077155

OpenJ9 build tested with ...

openjdk version "11" 2018-09-25
OpenJDK Runtime Environment AdoptOpenJDK (build 11+28-201809231808)
Eclipse OpenJ9 VM AdoptOpenJDK (build master-38a825c3, JRE 11 Linux amd64-64-Bit Compressed References 20180923_22 (JIT enabled, AOT enabled)
OpenJ9   - 38a825c3
OMR      - fcbe08d1
JCL      - afdb7423f7 based on jdk-11+28)

Hotspot build test with ...

openjdk version "11" 2018-09-25
OpenJDK Runtime Environment 18.9 (build 11+28)
OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)

Full archive of JTreg logs :
HNSFailure.tar.gz
@pshipton pshipton added this to the Release 0.10.0 milestone Sep 24, 2018
@hangshao0
Copy link
Contributor

Will take a look at it

@hangshao0
Copy link
Contributor

Do you know if OpenJ9 ever pass this test ? @ben-walsh

@pshipton
Copy link
Member

Probably not, this is the first attempt at Java 11 testing. You could try other versions of Java.

@hangshao0
Copy link
Contributor

This test failed due to the falling call returning null

https://github.com/ibmruntimes/openj9-openjdk-jdk11/blob/openj9/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java#L893toL894

@hangshao0
Copy link
Contributor

Also failed on OpenJ9 Java 8.

@ben-walsh
Copy link
Contributor Author

ben-walsh commented Sep 25, 2018
edited
Loading

@hangshao0 Potentially not. Reason this group of tests including this one is being run, is because a couple of them were adapted for TLS 1.3 support for Java 11 and it was a small additional effort to run the entire group under the Java 11 testing.

@hangshao0
Copy link
Contributor

Compared the passing and failing outputs, didn't find any clue,

@JasonFengJ9
Copy link
Member

Note: the security code in question all from OpenJDK, there was no J9 security code involved.

@hangshao0 could you post the exception within the test output from both J9 and RI and elaborate the difference?

@hangshao0
Copy link
Contributor

hangshao0 commented Sep 25, 2018
edited
Loading

I see trace points:

19:51:16.221 0x9d4a00              mt.0         > javax/security/auth/callback/PasswordCallback.setPassword([C)V bytecode method, this = 0xfff8e030
19:51:16.221 0x9d4a00              mt.18         - this: javax/security/auth/callback/PasswordCallback@00000000FFF8E030 method arguments: ([C@00000000E01111E8)
19:51:16.221 0x9d4a00              mt.6         < javax/security/auth/callback/PasswordCallback.setPassword([C)V bytecode method
19:51:16.221 0x9d4a00              mt.0         > javax/security/auth/callback/PasswordCallback.getPassword()[C bytecode method, this = 0xfff8e030
19:51:16.221 0x9d4a00              mt.18         - this: javax/security/auth/callback/PasswordCallback@00000000FFF8E030 method arguments: ()
19:51:16.221 0x9d4a00              mt.6         < javax/security/auth/callback/PasswordCallback.getPassword()[C bytecode method
19:51:16.221 0x9d4a00              mt.28        - return value: [C@00000000FFF91840


Expecting to succeed when executing with the the logged in subject.
19:51:16.548 0x9d4a00              mt.0         > javax/security/auth/callback/PasswordCallback.setPassword([C)V bytecode method, this = 0xffe27208
19:51:16.548 0x9d4a00              mt.18         - this: javax/security/auth/callback/PasswordCallback@00000000FFE27208 method arguments: (null)
19:51:16.548 0x9d4a00              mt.6         < javax/security/auth/callback/PasswordCallback.setPassword([C)V bytecode method
19:51:16.548 0x9d4a00              mt.0         > javax/security/auth/callback/PasswordCallback.getPassword()[C bytecode method, this = 0xffe27208
19:51:16.548 0x9d4a00              mt.18         - this: javax/security/auth/callback/PasswordCallback@00000000FFE27208 method arguments: ()
19:51:16.548 0x9d4a00              mt.6         < javax/security/auth/callback/PasswordCallback.getPassword()[C bytecode method
19:51:16.548 0x9d4a00              mt.28        - return value: null

Password was initially set to correct value, then it is set to null.

@hangshao0
Copy link
Contributor

The call stack that overwrites the initial password to null is:

at javax.security.auth.callback.PasswordCallback.setPassword(PasswordCallback.java:111)
        at sun.net.www.protocol.http.spnego.NegotiateCallbackHandler.handle(NegotiateCallbackHandler.java:101)
        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:892)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
        at java.security.AccessController.doPrivileged(AccessController.java:732)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:574)
        at sun.security.jgss.GSSUtil.login(GSSUtil.java:258)
        at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:158)
        at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:336)
        at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:332)
        at java.security.AccessController.doPrivileged(AccessController.java:696)
        at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:331)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:145)
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:191)
        at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
        at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
        at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:316)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:266)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
        at sun.net.www.protocol.http.spnego.NegotiatorImpl.init(NegotiatorImpl.java:108)
        at sun.net.www.protocol.http.spnego.NegotiatorImpl.<init>(NegotiatorImpl.java:117)
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(NativeConstructorAccessorImpl.java:-2)
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at sun.net.www.protocol.http.Negotiator.getNegotiator(Negotiator.java:65)
        at sun.net.www.protocol.http.NegotiateAuthentication.firstToken(NegotiateAuthentication.java:234)
        at sun.net.www.protocol.http.NegotiateAuthentication.setHeaders(NegotiateAuthentication.java:209)
        at sun.net.www.protocol.http.HttpURLConnection.getServerAuthentication(HttpURLConnection.java:2564)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1755)
        at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1501)
        at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1499)
        at java.security.AccessController.doPrivileged(AccessController.java:904)
        at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:946)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
        at HttpNegotiateServer.testConnect(HttpNegotiateServer.java:293)
        at HttpNegotiateServer$3.run(HttpNegotiateServer.java:381)
        at java.security.AccessController.doPrivileged(AccessController.java:732)
        at javax.security.auth.Subject.doAs(Subject.java:423)
        at HttpNegotiateServer.test8077155(HttpNegotiateServer.java:390)
        at HttpNegotiateServer.main(HttpNegotiateServer.java:237)
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:566)
        at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
        at java.lang.Thread.run(Thread.java:825)

@JasonFengJ9
Copy link
Member 

                /**
                 * To be compatible with existing callback handler implementations,
                 * when the underlying Authenticator is canceled, username and
                 * password are assigned null. No exception is thrown.
                 */
                if (passAuth != null) {
                    username = passAuth.getUserName();
                    password = passAuth.getPassword();
                }

@pshipton
Copy link
Member

Try using the java debugger to step through the code and see why the password gets set to null,

@hangshao0
Copy link
Contributor

Tested on RI, Password will only be set once (to the correct value).

I have compared the parameters passed to javax.security.auth.Subject.doAs(), they are essentially the same. The difference is that OpenJ9 calls into PasswordCallback.setPassword() from javax.security.auth.Subject.doAs() and RI does not.

@pshipton
Copy link
Member

Where does the null password come from? i.e. does the PasswordAuthentication instance come back as null in the NegotiateCallbackHandler.handle() call? How does the valid password get set? Basically where does OpenJ9 start to differ in the code being run from what the RI is doing?

@hangshao0
Copy link
Contributor

does the PasswordAuthentication instance come back as null in the NegotiateCallbackHandler.handle() call?

From the trace points, I don't see the call to getPassword() after requestPasswordAuthenticationInstance(), so PasswordAuthentication instance in null.

18:27:50.173 0x16d2a00              mt.0         > java/net/Authenticator.requestPasswordAuthenticationInstance(Ljava/lang/String;Ljava/net/InetAddress;ILjava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/net/URL;Ljava/net/Authenticator$RequestorType;)Ljava/net/PasswordAuthentication; bytecode method, this = 0xfffa4b48
18:27:50.173 0x16d2a00              mt.6         < java/net/Authenticator.requestPasswordAuthenticationInstance(Ljava/lang/String;Ljava/net/InetAddress;ILjava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/net/URL;Ljava/net/Authenticator$RequestorType;)Ljava/net/PasswordAuthentication; bytecode method
18:27:50.173 0x16d2a00              mt.0         > javax/security/auth/callback/PasswordCallback.setPassword([C)V bytecode method, this = 0xffe61350

How does the valid password get set?

It is set by:

Set password to [C@2ec703de
        at javax.security.auth.callback.PasswordCallback.setPassword(PasswordCallback.java:111)
        at HttpNegotiateServer$1.handle(HttpNegotiateServer.java:333)
        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:892)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
        at java.security.AccessController.doPrivileged(AccessController.java:732)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:574)
        at HttpNegotiateServer.test8077155(HttpNegotiateServer.java:368)
        at HttpNegotiateServer.main(HttpNegotiateServer.java:237)
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:566)
        at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
        at java.lang.Thread.run(Thread.java:825)

Basically where does OpenJ9 start to differ in the code being run from what the RI is doing?

Still trying to figure it out.

@hangshao0
Copy link
Contributor

The null PasswordAuthentication instance is from HttpNegotiateServer.java:

static class KnowNothingAuthenticator extends java.net.Authenticator {
       public PasswordAuthentication getPasswordAuthentication () {
           HttpNegotiateServer.count++;
           return null;
       }
   }

@pshipton
Copy link
Member

I'm guessing the problem is in the following area, my assumption being that it should find the existing ticket from the original login, but doesn't.

     /**
     * Retrieves the ticket corresponding to the client/server principal
     * pair from the Subject in the specified AccessControlContext.
     * If the ticket can not be found in the Subject, and if
     * useSubjectCredsOnly is false, then obtain ticket from
     * a LoginContext.
     */
    static KerberosTicket getTicket(GSSCaller caller,

@hangshao0
Copy link
Contributor 

static KerberosTicket getTicket(GSSCaller caller,
        String clientPrincipal, String serverPrincipal,
        AccessControlContext acc) throws LoginException {

        // Try to get ticket from acc's Subject
        Subject accSubj = Subject.getSubject(acc);

Subject.getSubject(acc) returns null on OpenJ9, it returns a valid subject on RI

@hangshao0
Copy link
Contributor

OpenJ9 and RI starts to differ from here in Subject.getSubject():

DomainCombiner dc = acc.getDomainCombiner();
if (!(dc instanceof SubjectDomainCombiner)) {
      return null;                   <------------------  OpenJ9 returns from here
}
SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc;
      return sdc.getSubject();     <------------------  RI returns from here

@hangshao0
Copy link
Contributor

hangshao0 commented Sep 26, 2018
edited
Loading

The parameter acc passed to Subject.getSubject(acc) is originally from AccessController.getContext(). OpenJ9 has its own implementation of AccessController.java and AccessControlContext.java, which is likely the root cause of this failure.

@pshipton
Copy link
Member

@JasonFengJ9 please help determine why the DomainCombiner is being lost.

@JasonFengJ9
Copy link
Member

JasonFengJ9 commented Sep 27, 2018
edited
Loading

The problem is during enumerating AccessControlContext and ProtectionDomain objects when limited privilege has been specified in current thread access context within j.s.AccessController.getContextHelper().
In this failed testcase, there are two frames of access control objects returned from AccessController.getAccSnapshot(), first frame contains an AccessControlContext object with null domainCombiner, and the second frame contains another AccessControlContext object with SubjectDomainCombiner.
Current algorithm returns first frame AccessControlContext object with next frame AccessControlContext as AccessControlContext.nextStackAcc hence SubjectDomainCombiner doesn't present at returning AccessControlContext.domainCombiner.
Adding following hack code snippet for the returning AccessControlContext object makes the test pass.

    			if (null != acc && null != acc.domainCombiner) {
				accContext.domainCombiner = acc.domainCombiner;
			}

This is not a proper fix but indeed shows where is the problem and the direction for actual fix.

@ben-walsh
Copy link
Contributor Author

This test fails in same way on OpenJDK8+OpenJ9 ...

#Test Results (version 2)
#Thu Sep 27 11:42:55 BST 2018
#-----testdescription-----
$file=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
$root=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test
keywords=bug6578647 bug6829283 othervm
run=USER_SPECIFIED main/othervm -Dsun.net.spi.nameservice.provider.1\=ns,mock HttpNegotiateServer\n
source=HttpNegotiateServer.java
title=HTTP/Negotiate\: Authenticator triggered again when user cancels the first one

#-----environment-----

#-----testresult-----
description=file\:/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
elapsed=5726 0\:00\:05.726
end=Thu Sep 27 11\:42\:55 BST 2018
environment=regtest
execStatus=Failed. Execution failed\: `main' threw exception\: java.lang.RuntimeException\: Test error
harnessLoaderMode=Classpath Loader
harnessVariety=Full Bundle
hostname=bendev.hursley.ibm.com
javatestOS=Linux 4.4.0-64-generic (amd64)
javatestVersion=5.0
jtregVersion=jtreg 4.2 dev 398
script=com.sun.javatest.regtest.exec.RegressionScript
sections=script_messages build compile main
start=Thu Sep 27 11\:42\:49 BST 2018
test=sun/security/krb5/auto/HttpNegotiateServer.java
testJDK=/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13
totalTime=5734
user.name=walshbp
work=/home/walshbp/jtreg_testing/JTwork/sun/security/krb5/auto

#section:script_messages
----------messages:(7/357)----------
JDK under test: /home/walshbp/openjdk8-openj9-binary/jdk8u181-b13
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-b13)
Eclipse OpenJ9 VM (build openj9-0.9.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20180813_291 (JIT enabled, AOT enabled)
OpenJ9   - 24e53631
OMR      - fad6bf6e
JCL      - a05586ac based on jdk8u181-b13)

#section:build
----------messages:(5/151)----------
command: build HttpNegotiateServer
reason: Named class compiled on demand
Test directory:
  compile: HttpNegotiateServer
elapsed time (seconds): 2.637
result: Passed. Build successful

#section:compile
----------messages:(4/241)----------
command: compile -XDignore.symbol.file=true /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
reason: .class file out of date or does not exist
Mode: othervm
elapsed time (seconds): 2.619
----------configuration:(6/377)----------
javac compilation environment
  source path: /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto
  class path:  /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto
               /home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto
               /home/walshbp/openjdk8-openj9-binary/jdk8u181-b13/lib/tools.jar

----------rerun:(24/1614)*----------
cd /home/walshbp/jtreg_testing/JTwork/scratch && \\
DISPLAY=:1 \\
GNOME_DESKTOP_SESSION_ID=this-is-deprecated \\
HOME=/home/walshbp \\
LANG=en_GB.UTF-8 \\
PATH=/bin:/usr/bin \\
XMODIFIERS=@im=ibus \\
    /home/walshbp/openjdk8-openj9-binary/jdk8u181-b13/bin/javac \\
        -J-XX:HeapDumpPath=/tmp \\
        -J-Dtest.src=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -J-Dtest.src.path=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -J-Dtest.classes=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -J-Dtest.class.path=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -J-Dtest.vm.opts=-XX:HeapDumpPath=/tmp \\
        -J-Dtest.tool.vm.opts=-J-XX:HeapDumpPath=/tmp \\
        -J-Dtest.compiler.opts= \\
        -J-Dtest.java.opts= \\
        -J-Dtest.jdk=/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13 \\
        -J-Dcompile.jdk=/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13 \\
        -J-Dtest.timeout.factor=1.0 \\
        -d /home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -sourcepath /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -classpath /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto:/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto:/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13/lib/tools.jar \\
        -XDignore.symbol.file=true /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
----------System.out:(0/0)----------
----------System.err:(4/363)----------
Note: /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
result: Passed. Compilation successful

#section:main
----------messages:(4/257)----------
command: main -Dsun.net.spi.nameservice.provider.1=ns,mock HttpNegotiateServer
reason: User specified action: run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock HttpNegotiateServer 
Mode: othervm [/othervm specified]
elapsed time (seconds): 2.93
----------configuration:(0/0)----------
----------System.out:(76/3890)----------
Start KDC on 14648
Start KDC on 10188
-----------------------------------------------
>>>>> UDP packet received
WEB.DOMAIN> web@WEB.DOMAIN sends AS-REQ for krbtgt/WEB.DOMAIN@WEB.DOMAIN, KDCOptions: 
KrbException: Additional pre-authentication required (25)
	at KDC.processAsReq(KDC.java:1061)
	at KDC.processMessage(KDC.java:630)
	at KDC$1.run(KDC.java:1229)
     Error 25 Additional pre-authentication required
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
WEB.DOMAIN> web@WEB.DOMAIN sends AS-REQ for krbtgt/WEB.DOMAIN@WEB.DOMAIN, KDCOptions: 
     Return web@WEB.DOMAIN ticket for krbtgt/WEB.DOMAIN@WEB.DOMAIN, flags INITIAL;PRE-AUTHENT
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
WEB.DOMAIN> null sends TGS-REQ for HTTP/host.web.domain@WEB.DOMAIN, KDCOptions: 
WEB.DOMAIN> presenting a ticket of web@WEB.DOMAIN to krbtgt/WEB.DOMAIN@WEB.DOMAIN
     Return web@WEB.DOMAIN ticket for HTTP/host.web.domain@WEB.DOMAIN, flags INITIAL
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
PROXY.DOMAIN> pro@PROXY.DOMAIN sends AS-REQ for krbtgt/PROXY.DOMAIN@PROXY.DOMAIN, KDCOptions: 
KrbException: Additional pre-authentication required (25)
	at KDC.processAsReq(KDC.java:1061)
	at KDC.processMessage(KDC.java:630)
	at KDC$1.run(KDC.java:1229)
     Error 25 Additional pre-authentication required
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
PROXY.DOMAIN> pro@PROXY.DOMAIN sends AS-REQ for krbtgt/PROXY.DOMAIN@PROXY.DOMAIN, KDCOptions: 
     Return pro@PROXY.DOMAIN ticket for krbtgt/PROXY.DOMAIN@PROXY.DOMAIN, flags INITIAL;PRE-AUTHENT
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
PROXY.DOMAIN> null sends TGS-REQ for HTTP/host.proxy.domain@PROXY.DOMAIN, KDCOptions: 
PROXY.DOMAIN> presenting a ticket of pro@PROXY.DOMAIN to krbtgt/PROXY.DOMAIN@PROXY.DOMAIN
     Return pro@PROXY.DOMAIN ticket for HTTP/host.proxy.domain@PROXY.DOMAIN, flags INITIAL
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
PROXY.DOMAIN> pro@PROXY.DOMAIN sends AS-REQ for krbtgt/PROXY.DOMAIN@PROXY.DOMAIN, KDCOptions: 
KrbException: Additional pre-authentication required (25)
	at KDC.processAsReq(KDC.java:1061)
	at KDC.processMessage(KDC.java:630)
	at KDC$1.run(KDC.java:1229)
     Error 25 Additional pre-authentication required
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
PROXY.DOMAIN> pro@PROXY.DOMAIN sends AS-REQ for krbtgt/PROXY.DOMAIN@PROXY.DOMAIN, KDCOptions: 
     Return pro@PROXY.DOMAIN ticket for krbtgt/PROXY.DOMAIN@PROXY.DOMAIN, flags INITIAL;PRE-AUTHENT
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
PROXY.DOMAIN> null sends TGS-REQ for HTTP/host.proxy.domain@PROXY.DOMAIN, KDCOptions: 
PROXY.DOMAIN> presenting a ticket of pro@PROXY.DOMAIN to krbtgt/PROXY.DOMAIN@PROXY.DOMAIN
     Return pro@PROXY.DOMAIN ticket for HTTP/host.proxy.domain@PROXY.DOMAIN, flags INITIAL
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
WEB.DOMAIN> web@WEB.DOMAIN sends AS-REQ for krbtgt/WEB.DOMAIN@WEB.DOMAIN, KDCOptions: 
KrbException: Additional pre-authentication required (25)
	at KDC.processAsReq(KDC.java:1061)
	at KDC.processMessage(KDC.java:630)
	at KDC$1.run(KDC.java:1229)
     Error 25 Additional pre-authentication required
>>>>> UDP request honored
-----------------------------------------------
>>>>> UDP packet received
WEB.DOMAIN> web@WEB.DOMAIN sends AS-REQ for krbtgt/WEB.DOMAIN@WEB.DOMAIN, KDCOptions: 
     Return web@WEB.DOMAIN ticket for krbtgt/WEB.DOMAIN@WEB.DOMAIN, flags INITIAL;PRE-AUTHENT
>>>>> UDP request honored
----------System.err:(41/2547)----------
Creating GSSCredential
Creating GSSCredential


Expecting to succeed when executing with the the logged in subject.
java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 401 for URL: http://host.web.domain:44088/a/b/c
	at HttpNegotiateServer.testConnect(HttpNegotiateServer.java:286)
	at HttpNegotiateServer$3.run(HttpNegotiateServer.java:361)
	at java.security.AccessController.doPrivileged(AccessController.java:732)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at HttpNegotiateServer.test8077155(HttpNegotiateServer.java:369)
	at HttpNegotiateServer.main(HttpNegotiateServer.java:220)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
	at java.lang.Thread.run(Thread.java:813)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://host.web.domain:44088/a/b/c
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
	at sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:91)
	at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1484)
	at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1482)
	at java.security.AccessController.doPrivileged(AccessController.java:904)
	at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:946)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1481)
	at HttpNegotiateServer.testConnect(HttpNegotiateServer.java:277)
	... 11 more
java.lang.RuntimeException: Test error
	at HttpNegotiateServer.main(HttpNegotiateServer.java:227)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
	at java.lang.Thread.run(Thread.java:813)

JavaTest Message: Test threw exception: java.lang.RuntimeException: Test error
JavaTest Message: shutting down test

STATUS:Failed.`main' threw exception: java.lang.RuntimeException: Test error
----------rerun:(23/1530)*----------
cd /home/walshbp/jtreg_testing/JTwork/scratch && \\
DISPLAY=:1 \\
GNOME_DESKTOP_SESSION_ID=this-is-deprecated \\
HOME=/home/walshbp \\
LANG=en_GB.UTF-8 \\
PATH=/bin:/usr/bin \\
XMODIFIERS=@im=ibus \\
CLASSPATH=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto:/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto:/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13/lib/tools.jar:/home/walshbp/jtreg/lib/javatest.jar:/home/walshbp/jtreg/lib/jtreg.jar \\
    /home/walshbp/openjdk8-openj9-binary/jdk8u181-b13/bin/java \\
        -Dtest.src=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -Dtest.src.path=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -Dtest.classes=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -Dtest.class.path=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -Dtest.vm.opts=-XX:HeapDumpPath=/tmp \\
        -Dtest.tool.vm.opts=-J-XX:HeapDumpPath=/tmp \\
        -Dtest.compiler.opts= \\
        -Dtest.java.opts= \\
        -Dtest.jdk=/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13 \\
        -Dcompile.jdk=/home/walshbp/openjdk8-openj9-binary/jdk8u181-b13 \\
        -Dtest.timeout.factor=1.0 \\
        -XX:HeapDumpPath=/tmp \\
        -Dsun.net.spi.nameservice.provider.1=ns,mock \\
        com.sun.javatest.regtest.agent.MainWrapper /home/walshbp/jtreg_testing/JTwork/sun/security/krb5/auto/HttpNegotiateServer.d/main.0.jta
result: Failed. Execution failed: `main' threw exception: java.lang.RuntimeException: Test error


test result: Failed. Execution failed: `main' threw exception: java.lang.RuntimeException: Test error

@ben-walsh
Copy link
Contributor Author

ben-walsh commented Sep 27, 2018
edited
Loading

Fails to compile on latest IBM Java 8 SDK ...

#Test Results (version 2)
#Thu Sep 27 11:57:06 BST 2018
#-----testdescription-----
$file=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
$root=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test
keywords=bug6578647 bug6829283 othervm
run=USER_SPECIFIED main/othervm -Dsun.net.spi.nameservice.provider.1\=ns,mock HttpNegotiateServer\n
source=HttpNegotiateServer.java
title=HTTP/Negotiate\: Authenticator triggered again when user cancels the first one

#-----environment-----

#-----testresult-----
description=file\:/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
elapsed=2104 0\:00\:02.104
end=Thu Sep 27 11\:57\:06 BST 2018
environment=regtest
execStatus=Failed. Compilation failed\: Compilation failed
harnessLoaderMode=Classpath Loader
harnessVariety=Full Bundle
hostname=bendev.hursley.ibm.com
javatestOS=Linux 4.4.0-64-generic (amd64)
javatestVersion=5.0
jtregVersion=jtreg 4.2 dev 398
script=com.sun.javatest.regtest.exec.RegressionScript
sections=script_messages build compile
start=Thu Sep 27 11\:57\:04 BST 2018
test=sun/security/krb5/auto/HttpNegotiateServer.java
testJDK=/home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80
totalTime=2110
user.name=walshbp
work=/home/walshbp/jtreg_testing/JTwork/sun/security/krb5/auto

#section:script_messages
----------messages:(8/401)----------
JDK under test: /home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 8.0.5.21 - pxa6480sr5fp21-20180830_01(SR5 FP21))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20180829_395745 (JIT enabled, AOT enabled)
OpenJ9   - e82188c
OMR      - eeaa30e
IBM      - 98805ca)
JCL - 20180821_01 based on Oracle jdk8u181-b12

#section:build
----------messages:(5/150)----------
command: build HttpNegotiateServer
reason: Named class compiled on demand
Test directory:
  compile: HttpNegotiateServer
elapsed time (seconds): 1.95
result: Failed. Compilation failed: Compilation failed

#section:compile
----------messages:(4/214)----------
command: compile /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
reason: .class file out of date or does not exist
Mode: othervm
elapsed time (seconds): 1.946
----------configuration:(6/378)----------
javac compilation environment
  source path: /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto
  class path:  /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto
               /home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto
               /home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80/lib/tools.jar

----------rerun:(23/1580)*----------
cd /home/walshbp/jtreg_testing/JTwork/scratch && \\
DISPLAY=:1 \\
GNOME_DESKTOP_SESSION_ID=this-is-deprecated \\
HOME=/home/walshbp \\
LANG=en_GB.UTF-8 \\
PATH=/bin:/usr/bin \\
XMODIFIERS=@im=ibus \\
    /home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80/bin/javac \\
        -J-XX:HeapDumpPath=/tmp \\
        -J-Dtest.src=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -J-Dtest.src.path=/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -J-Dtest.classes=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -J-Dtest.class.path=/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -J-Dtest.vm.opts=-XX:HeapDumpPath=/tmp \\
        -J-Dtest.tool.vm.opts=-J-XX:HeapDumpPath=/tmp \\
        -J-Dtest.compiler.opts= \\
        -J-Dtest.java.opts= \\
        -J-Dtest.jdk=/home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80 \\
        -J-Dcompile.jdk=/home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80 \\
        -J-Dtest.timeout.factor=1.0 \\
        -d /home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto \\
        -sourcepath /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto \\
        -classpath /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto:/home/walshbp/jtreg_testing/JTwork/classes/sun/security/krb5/auto:/home/walshbp/ibm-java-8-binary/ibm-java-x86_64-80/lib/tools.jar /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java
----------System.out:(0/0)----------
----------System.err:(485/26193)----------
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:38: error: package com.sun.security.auth.module does not exist
import com.sun.security.auth.module.Krb5LoginModule;
                                   ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:68: error: package sun.security.jgss does not exist
import sun.security.jgss.GSSUtil;
                        ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:69: error: package sun.security.krb5 does not exist
import sun.security.krb5.Config;
                        ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:36: error: package sun.security.krb5 does not exist
import sun.security.krb5.*;
^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:37: error: package sun.security.krb5.internal does not exist
import sun.security.krb5.internal.*;
^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:38: error: package sun.security.krb5.internal.ccache does not exist
import sun.security.krb5.internal.ccache.CredentialsCache;
                                        ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:39: error: package sun.security.krb5.internal.crypto does not exist
import sun.security.krb5.internal.crypto.KeyUsage;
                                        ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:40: error: package sun.security.krb5.internal.ktab does not exist
import sun.security.krb5.internal.ktab.KeyTab;
                                      ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:41: error: cannot find symbol
import sun.security.util.DerInputStream;
                        ^
  symbol:   class DerInputStream
  location: package sun.security.util
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:42: error: cannot find symbol
import sun.security.util.DerOutputStream;
                        ^
  symbol:   class DerOutputStream
  location: package sun.security.util
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:43: error: cannot find symbol
import sun.security.util.DerValue;
                        ^
  symbol:   class DerValue
  location: package sun.security.util
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:290: error: cannot find symbol
            throws IOException, KrbException {
                                ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:320: error: cannot find symbol
            throws IOException, KrbException {
                                ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:329: error: cannot find symbol
            throws IOException, KrbException {
                                ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:338: error: cannot find symbol
    public void writeKtab(String tab) throws IOException, KrbException {
                                                          ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:345: error: cannot find symbol
    public void appendKtab(String tab) throws IOException, KrbException {
                                                           ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:525: error: cannot find symbol
    private static EncryptionKey generateRandomKey(int eType)
                   ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:526: error: cannot find symbol
            throws KrbException  {
                   ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:549: error: cannot find symbol
    private char[] getPassword(PrincipalName p, boolean server)
                               ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:550: error: cannot find symbol
            throws KrbException {
                   ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:569: error: cannot find symbol
    protected String getSalt(PrincipalName p) {
                             ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:598: error: cannot find symbol
    private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
                                     ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:598: error: cannot find symbol
    private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
            ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:599: error: cannot find symbol
            throws KrbException {
                   ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1457: error: cannot find symbol
    private static final Constructor<EncryptedData> ctorEncryptedData;
                                     ^
  symbol:   class EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1481: error: cannot find symbol
    private EncryptedData newEncryptedData(DerValue der) {
                                           ^
  symbol:   class DerValue
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1481: error: cannot find symbol
    private EncryptedData newEncryptedData(DerValue der) {
            ^
  symbol:   class EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1488: error: cannot find symbol
    private static PAData[] KDCReqDotPAData(KDCReq req) {
                                            ^
  symbol:   class KDCReq
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1488: error: cannot find symbol
    private static PAData[] KDCReqDotPAData(KDCReq req) {
                   ^
  symbol:   class PAData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1495: error: cannot find symbol
    private static int[] KDCReqBodyDotEType(KDCReqBody body) {
                                            ^
  symbol:   class KDCReqBody
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1503: error: cannot find symbol
            byte[] s2kparams, int keyType) throws KrbCryptoException {
                                                  ^
  symbol:   class KrbCryptoException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1513: error: cannot find symbol
    private static Ticket KDCReqBodyDotFirstAdditionalTicket(KDCReqBody body) {
                                                             ^
  symbol:   class KDCReqBody
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:1513: error: cannot find symbol
    private static Ticket KDCReqBodyDotFirstAdditionalTicket(KDCReqBody body) {
                   ^
  symbol:   class Ticket
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:181: error: cannot find symbol
        Config.refresh();
        ^
  symbol:   variable Config
  location: class HttpNegotiateServer
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/OneKDC.java:32: error: package sun.security.krb5 does not exist
import sun.security.krb5.Config;
                        ^
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:431: error: cannot find symbol
            Krb5LoginModule krb5 = new Krb5LoginModule();
            ^
  symbol:   class Krb5LoginModule
  location: class MyServerAuthenticator
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:431: error: cannot find symbol
            Krb5LoginModule krb5 = new Krb5LoginModule();
                                       ^
  symbol:   class Krb5LoginModule
  location: class MyServerAuthenticator
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:452: error: cannot find symbol
                                    GSSUtil.GSS_SPNEGO_MECH_OID:
                                    ^
  symbol: variable GSSUtil
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/HttpNegotiateServer.java:453: error: cannot find symbol
                                    GSSUtil.GSS_KRB5_MECH_OID,
                                    ^
  symbol: variable GSSUtil
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:291: error: cannot find symbol
        KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab);
        ^
  symbol:   class KeyTab
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:291: error: cannot find symbol
        KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab);
                               ^
  symbol:   variable KeyTab
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:291: error: cannot find symbol
        KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab);
                                                         ^
  symbol:   variable KeyTab
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:300: error: cannot find symbol
            PrincipalName pn = new PrincipalName(name,
            ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:300: error: cannot find symbol
            PrincipalName pn = new PrincipalName(name,
                                   ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:321: error: cannot find symbol
        KeyTab.create(tab).save();      // Empty the old keytab
        ^
  symbol:   variable KeyTab
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:532: error: cannot find symbol
            case EncryptedData.ETYPE_DES_CBC_MD5: algo = "DES"; break;
                 ^
  symbol:   variable EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:533: error: cannot find symbol
            case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD: algo = "DESede"; break;
                 ^
  symbol:   variable EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:534: error: cannot find symbol
            case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96: algo = "AES128"; break;
                 ^
  symbol:   variable EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:535: error: cannot find symbol
            case EncryptedData.ETYPE_ARCFOUR_HMAC: algo = "ArcFourHMAC"; break;
                 ^
  symbol:   variable EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:536: error: cannot find symbol
            case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96: algo = "AES256"; break;
                 ^
  symbol:   variable EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:539: error: cannot find symbol
        return new EncryptionKey(pass, "NOTHING", algo);    // Silly
                   ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:557: error: cannot find symbol
            throw new KrbException(server?
                      ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:577: error: cannot find symbol
                p = new PrincipalName(passwords.ceilingEntry(pn).getKey());
                        ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:578: error: cannot find symbol
            } catch (RealmException re) {
                     ^
  symbol:   class RealmException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:612: error: cannot find symbol
            return new EncryptionKey(EncryptionKeyDotStringToKey(
                       ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:615: error: cannot find symbol
        } catch (KrbException ke) {
                 ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:629: error: cannot find symbol
        if ((in[0] & 0x1f) == Krb5.KRB_AS_REQ)
                              ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:642: error: cannot find symbol
        TGSReq tgsReq = new TGSReq(in);
        ^
  symbol:   class TGSReq
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:642: error: cannot find symbol
        TGSReq tgsReq = new TGSReq(in);
                            ^
  symbol:   class TGSReq
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:643: error: cannot find symbol
        PrincipalName service = tgsReq.reqBody.sname;
        ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:645: error: cannot find symbol
            service = new PrincipalName((int)options.get(KDC.Option.RESP_NT),
                          ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:652: error: cannot find symbol
            KDCReqBody body = tgsReq.reqBody;
            ^
  symbol:   class KDCReqBody
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:657: error: cannot find symbol
            PAData[] pas = KDCReqDotPAData(tgsReq);
            ^
  symbol:   class PAData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:659: error: cannot find symbol
            Ticket tkt = null;
            ^
  symbol:   class Ticket
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:660: error: cannot find symbol
            EncTicketPart etp = null;
            ^
  symbol:   class EncTicketPart
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:662: error: cannot find symbol
            PrincipalName cname = null;
            ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:666: error: cannot find symbol
                throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
                          ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:666: error: cannot find symbol
                throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
                                       ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:668: error: cannot find symbol
                PrincipalName forUserCName = null;
                ^
  symbol:   class PrincipalName
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:669: error: cannot find symbol
                for (PAData pa: pas) {
                     ^
  symbol:   class PAData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:670: error: cannot find symbol
                    if (pa.getType() == Krb5.PA_TGS_REQ) {
                                        ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:671: error: cannot find symbol
                        APReq apReq = new APReq(pa.getValue());
                        ^
  symbol:   class APReq
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:671: error: cannot find symbol
                        APReq apReq = new APReq(pa.getValue());
                                          ^
  symbol:   class APReq
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:672: error: cannot find symbol
                        EncryptedData ed = apReq.authenticator;
                        ^
  symbol:   class EncryptedData
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:675: error: cannot find symbol
                        EncryptionKey kkey = keyForUser(tkt.sname, te, true);
                        ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:676: error: cannot find symbol
                        byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
                                                              ^
  symbol:   variable KeyUsage
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:677: error: cannot find symbol
                        DerInputStream derIn = new DerInputStream(bb);
                        ^
  symbol:   class DerInputStream
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:677: error: cannot find symbol
                        DerInputStream derIn = new DerInputStream(bb);
                                                   ^
  symbol:   class DerInputStream
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:678: error: cannot find symbol
                        DerValue der = derIn.getDerValue();
                        ^
  symbol:   class DerValue
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:679: error: cannot find symbol
                        etp = new EncTicketPart(der.toByteArray());
                                  ^
  symbol:   class EncTicketPart
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:685: error: cannot find symbol
                    } else if (pa.getType() == Krb5.PA_FOR_USER) {
                                               ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:687: error: cannot find symbol
                            PAForUserEnc p4u = new PAForUserEnc(
                            ^
  symbol:   class PAForUserEnc
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:687: error: cannot find symbol
                            PAForUserEnc p4u = new PAForUserEnc(
                                                   ^
  symbol:   class PAForUserEnc
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:688: error: cannot find symbol
                                    new DerValue(pa.getValue()), null);
                                        ^
  symbol:   class DerValue
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:706: error: cannot find symbol
                    throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
                              ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:706: error: cannot find symbol
                    throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
                                           ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:711: error: cannot find symbol
            EncryptionKey ckey = etp.key;
            ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:714: error: cannot find symbol
            EncryptionKey key = generateRandomKey(e2);
            ^
  symbol:   class EncryptionKey
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:717: error: cannot find symbol
            KerberosTime till = body.till;
            ^
  symbol:   class KerberosTime
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:719: error: cannot find symbol
                throw new KrbException(Krb5.KDC_ERR_NEVER_VALID); // TODO
                          ^
  symbol:   class KrbException
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:719: error: cannot find symbol
                throw new KrbException(Krb5.KDC_ERR_NEVER_VALID); // TODO
                                       ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:721: error: cannot find symbol
                till = new KerberosTime(new Date().getTime() + 1000 * 3600 * 11);
                           ^
  symbol:   class KerberosTime
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:724: error: cannot find symbol
            boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
                                           ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:725: error: cannot find symbol
            if (body.kdcOptions.get(KDCOptions.FORWARDABLE)
                                    ^
  symbol:   variable KDCOptions
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:732: error: cannot find symbol
                    bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
                           ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:735: error: cannot find symbol
            if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
                                    ^
  symbol:   variable KDCOptions
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:736: error: cannot find symbol
                    etp.flags.get(Krb5.TKT_OPTS_FORWARDED)) {
                                  ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:737: error: cannot find symbol
                bFlags[Krb5.TKT_OPTS_FORWARDED] = true;
                       ^
  symbol:   variable Krb5
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:739: error: cannot find symbol
            if (body.kdcOptions.get(KDCOptions.RENEWABLE)) {
                                    ^
  symbol:   variable KDCOptions
  location: class KDC
/home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java:740: error: cannot find symbol
                bFlags[Krb5.TKT_OPTS_RENEWABLE] = true;
                       ^
  symbol:   variable Krb5
  location: class KDC
Note: /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: /home/walshbp/jep_testing/openj9-openjdk-jdk8/jdk/test/sun/security/krb5/auto/KDC.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
100 errors
result: Failed. Compilation failed: Compilation failed


test result: Failed. Compilation failed: Compilation failed

@ben-walsh
Copy link
Contributor Author

When the "sub-test" test8077155 is removed from execution, the test passes against OpenJDK11+OpenJ9.

For clarity - test/jdk/sun/security/krb5/auto/HttpNegotiateServer.java was only run this time as a check for any regressions resulting from adding the TLS 1.3 support - it is not explicitly testing TLS 1.3 support.

Considering this and the other evidence above, I DO NOT consider that this issue should delay the OpenJDK11+OpenJ9 release any further.

@JasonFengJ9 JasonFengJ9 mentioned this issue Sep 27, 2018
Merged
@pshipton
Copy link
Member

I'll just note this issue in particular is not delaying the release, there are other issues in the release plan https://github.com/eclipse/openj9/milestone/3

@LongyuZhang LongyuZhang mentioned this issue Nov 24, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
comp:vm test failure
Projects
None yet
Milestone
Release 0.10.0
Development

Successfully merging a pull request may close this issue.

Set domainCombiner from closest frame in result AccessControlContext JasonFengJ9/openj9
4 participants
@JasonFengJ9 @hangshao0 @pshipton @ben-walsh