Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MemoryLeak in JavaConsole and KeystorePasswordAttempter? #893

Closed
AlBundy33 opened this issue Jan 24, 2023 · 8 comments
Closed

MemoryLeak in JavaConsole and KeystorePasswordAttempter? #893

AlBundy33 opened this issue Jan 24, 2023 · 8 comments

Comments

@AlBundy33
Copy link

AlBundy33 commented Jan 24, 2023

I've already created an issue in karakun/OpenWebStart#530 but maybe this issue is more related to ITW?

It seems that there is no memory limit for JavaConsole because it grows until there is no memory left.
-> may a default limit would help here to prevent OutOfMemory-Exceptions
It seems that this can be workaround with setting the console to deactivated (this is a setting in OpenWebStart - but I would assume ITW has this too)

Additional there is also a class KeystorePasswordAttempter that wastes a lot of memory and cannot be garbage collected.

image

The customer pc has a proxy configured that needs authentication and it seems that for each connection to an https-url more and more memory is occupied from the mentioned two classes.

@AlBundy33
Copy link
Author

With enabled debug-output in OpenWebStart I was able to trackdown the memory-leak in KeystorePasswordAttempter

[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\trusted.jssecerts does not exists.
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\trusted.certs does not exists.
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.jssecerts exists.
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecerts
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecerts
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.certs exists.
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.certs
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.certs
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.CertificateUtils] ***** found in cacerts (C:\Users\*****\.config\icedtea-web\security\trusted.certs)
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\jssecacerts does not exists.
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts exists.
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.jssecacerts exists.
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecacerts
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecacerts
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.cacerts exists.
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.cacerts
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.cacerts
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.security.CertificateUtils] CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB found in cacerts (C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts)
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] App is signed: true
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] App already has trusted publisher: true
[ITW-CORE][2023-01-25 10:04:44.115 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] App is signed: true
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\trusted.jssecerts does not exists.
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\trusted.certs does not exists.
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.jssecerts exists.
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecerts
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecerts
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.certs exists.
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.certs
[ITW-CORE][2023-01-25 10:04:44.120 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.certs
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.CertificateUtils] ***** found in cacerts (C:\Users\*****\.config\icedtea-web\security\trusted.certs)
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\jssecacerts does not exists.
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore Unknown
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts exists.
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts
[ITW-CORE][2023-01-25 10:04:44.121 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts
[ITW-CORE][2023-01-25 10:04:44.122 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.jssecacerts exists.
[ITW-CORE][2023-01-25 10:04:44.122 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecacerts
[ITW-CORE][2023-01-25 10:04:44.122 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.jssecacerts
[ITW-CORE][2023-01-25 10:04:44.122 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Users\*****\.config\icedtea-web\security\trusted.cacerts exists.
[ITW-CORE][2023-01-25 10:04:44.122 CET][DEBUG][net.sourceforge.jnlp.security.SecurityUtil] Loading Keystore C:\Users\*****\.config\icedtea-web\security\trusted.cacerts
[ITW-CORE][2023-01-25 10:04:44.122 CET][DEBUG][net.sourceforge.jnlp.security.KeystorePasswordAttempter] Operating Keystore C:\Users\*****\.config\icedtea-web\security\trusted.cacerts
[ITW-CORE][2023-01-25 10:04:44.123 CET][DEBUG][net.sourceforge.jnlp.security.CertificateUtils] CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB found in cacerts (C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\cacerts)
[ITW-CORE][2023-01-25 10:04:44.123 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] App is signed: true
[ITW-CORE][2023-01-25 10:04:44.123 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] App already has trusted publisher: true
[ITW-CORE][2023-01-25 10:04:44.123 CET][DEBUG][net.sourceforge.jnlp.tools.JarCertVerifier] App is signed: true
[ITW-CORE][2023-01-25 10:04:44.131 CET][DEBUG][com.openwebstart.proxy.pac.PacFileEvaluator] PAC result for url 'https://*****' -> 'PROXY *****:3128'
[ITW-CORE][2023-01-25 10:04:44.131 CET][DEBUG][com.openwebstart.proxy.pac.PacBasedProxyProvider] PAC Proxies found for 'https://*****' : [HTTP @ *****/*****:3128]

KeystorePasswordAttempter uses a HashMap to cache Keystores but due to some missing files in AdoptOpenJDK

[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\trusted.jssecerts does not exists.
[ITW-CORE][2023-01-25 10:04:44.112 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\trusted.certs does not exists.
[ITW-CORE][2023-01-25 10:04:44.113 CET][DEBUG][net.sourceforge.jnlp.security.KeyStores] Keystore file C:\Program Files\AdoptOpenJDK\jdk-11.0.11.9-hotspot\lib\security\jssecacerts does not exists.

there is alway a new keystore created and because KeyStore has not implemented hashCode and KeyStore.getInstance("JKS")
always creates a new instance the hashmap successfulPerKeystore grows more and more.

For testing I've just created an empty keystore and copied it into the expected locations

keytool -genkeypair -alias dummy -storepass changeit -keypass changeit -keystore emptyStore.keystore -dname "CN=Developer, OU=Department, O=Company, L=City, ST=State, C=CA"
keytool -delete -alias dummy -storepass changeit -keystore emptyStore.keystore
copy emptyStore.keystore trusted.certs
copy emptyStore.keystore jssecacerts

after that the https-requests where significantly slower but memory was stable.
-> so not really a solution but at least a proof

@janakmulani
Copy link
Contributor

@AlBundy33 Thanks for reporting. We are investigating.

@AlBundy33
Copy link
Author

fyi as workaround we've created a thread that every five minutes clears the affected maps (rawData in Console and sucsessfulByKeystore in Attempter).

For now it seems to work without impact.
performance is as usual and no errors in the logs and memory seems to be stable.

I know that disabling the console would help but we tried to avoid rollouts of new configurations on customerside.
For the leak in the paswordattempter I didn't found a workaround.
I assume that this has something to do with the proxy.
It needs authentication, uses a pac file, our application is signed and we are using https-requests - so a lot of certificates to check. 😄

Feel free to ask if you need more informations.

@AlBundy33
Copy link
Author

I was able to debug the problem on the customer system
on each request (with apache cxf) I have this stacktrace

	Thread [Worker-5: Session keep alive] (Suspended (breakpoint at line 161 in net.sourceforge.jnlp.security.KeystorePasswordAttempter))	
		owns: java.util.Collections$SynchronizedRandomAccessList<E>  (id=735)	
		owns: net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader  (id=736)	
		owns: net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeJavaTopPackage  (id=1632)	
		owns: net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.LazilyLoadedCtor  (id=1633)	
		owns: sun.net.www.protocol.https.DelegateHttpsURLConnection  (id=1634)	
		owns: sun.net.www.protocol.https.HttpsURLConnectionImpl  (id=1635)	
		owns: org.apache.cxf.phase.PhaseInterceptorChain  (id=1636)	
		net.sourceforge.jnlp.security.KeystorePasswordAttempter.unlockKeystore(net.sourceforge.jnlp.security.KeystorePasswordAttempter$KeystoreOperation) line: 161	
		net.sourceforge.jnlp.security.SecurityUtil.loadKeyStore(java.security.KeyStore, java.io.File) line: 358	
		net.sourceforge.jnlp.security.KeyStores.createKeyStoreFromFile(java.io.File, boolean) line: 328	
		net.sourceforge.jnlp.security.KeyStores.getKeyStore(net.sourceforge.jnlp.security.KeyStores$Level, net.sourceforge.jnlp.security.KeyStores$Type) line: 118	
		net.sourceforge.jnlp.security.KeyStores.getCertKeyStores() line: 146	
		net.sourceforge.jnlp.tools.JarCertVerifier.checkTrustedCerts(java.security.cert.CertPath) line: 486	
		net.sourceforge.jnlp.tools.JarCertVerifier.verifyJars(java.util.List<net.adoptopenjdk.icedteaweb.jnlp.element.resource.JARDesc>, net.adoptopenjdk.icedteaweb.resources.ResourceTracker) line: 262	
		net.sourceforge.jnlp.tools.JarCertVerifier.add(net.adoptopenjdk.icedteaweb.jnlp.element.resource.JARDesc, net.adoptopenjdk.icedteaweb.resources.ResourceTracker) line: 214	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.lambda$addNewJar$11(net.adoptopenjdk.icedteaweb.jnlp.element.resource.JARDesc, java.net.URL) line: 1562	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader$$Lambda$618.1655408146.run() line: not available	
		java.security.AccessController.doPrivileged(java.security.PrivilegedExceptionAction<T>) line: not available [native method]	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.addNewJar(net.adoptopenjdk.icedteaweb.jnlp.element.resource.JARDesc, net.adoptopenjdk.icedteaweb.resources.UpdatePolicy) line: 1561	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.addNewJar(net.adoptopenjdk.icedteaweb.jnlp.element.resource.JARDesc) line: 1523	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.loadFromJarIndexes(java.lang.String) line: 1499	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.lambda$loadClass$8(java.lang.String) line: 1444	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader$$Lambda$431.2064300758.call() line: not available	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader$$Lambda$431.2064300758(net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader$ExceptionalSupplier<T,E>).getResultOfCallOrNull() line: 1405	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader$$Lambda$432.1932561632.apply(java.lang.Object) line: not available	
		java.util.stream.ReferencePipeline$3$1.accept(P_OUT) line: 195	
		java.util.ArrayList$ArrayListSpliterator.tryAdvance(java.util.function.Consumer<? super E>) line: 1632	
		java.util.stream.ReferencePipeline$Head<E_IN,E_OUT>(java.util.stream.ReferencePipeline<P_IN,P_OUT>).forEachWithCancel(java.util.Spliterator<P_OUT>, java.util.stream.Sink<P_OUT>) line: 127	
		java.util.stream.ReferencePipeline$2(java.util.stream.AbstractPipeline<E_IN,E_OUT,S>).copyIntoWithCancel(java.util.stream.Sink<P_IN>, java.util.Spliterator<P_IN>) line: 502	
		java.util.stream.ReferencePipeline$2(java.util.stream.AbstractPipeline<E_IN,E_OUT,S>).copyInto(java.util.stream.Sink<P_IN>, java.util.Spliterator<P_IN>) line: 488	
		java.util.stream.ReferencePipeline$2(java.util.stream.AbstractPipeline<E_IN,E_OUT,S>).wrapAndCopyInto(S, java.util.Spliterator<P_IN>) line: 474	
		java.util.stream.FindOps$FindOp<T,O>.evaluateSequential(java.util.stream.PipelineHelper<T>, java.util.Spliterator<S>) line: 150	
		java.util.stream.ReferencePipeline$2(java.util.stream.AbstractPipeline<E_IN,E_OUT,S>).evaluate(java.util.stream.TerminalOp<E_OUT,R>) line: 234	
		java.util.stream.ReferencePipeline$2(java.util.stream.ReferencePipeline<P_IN,P_OUT>).findFirst() line: 543	
		net.sourceforge.jnlp.runtime.classloader.JNLPClassLoader.loadClass(java.lang.String) line: 1448	
		org.eclipse.osgi.internal.framework.ContextFinder.loadClass(java.lang.String, boolean) line: 145	
		org.eclipse.osgi.internal.framework.ContextFinder(java.lang.ClassLoader).loadClass(java.lang.String) line: 522	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Kit.classOrNull(java.lang.ClassLoader, java.lang.String) line: 88	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeJavaTopPackage(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeJavaPackage).getPkgProperty(java.lang.String, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, boolean) line: 154	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeJavaTopPackage(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeJavaPackage).get(java.lang.String, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable) line: 105	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeJavaTopPackage.init(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, boolean) line: 129	
		jdk.internal.reflect.GeneratedMethodAccessor6.invoke(java.lang.Object, java.lang.Object[]) line: not available	
		jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.lang.Object, java.lang.Object[]) line: 43	
		java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object...) line: 566	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptableObject.buildClassCtor(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.Class, boolean, boolean) line: 1018	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.LazilyLoadedCtor.buildValue() line: 110	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.LazilyLoadedCtor.init() line: 89	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeObject(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptableObject).getImpl(java.lang.String, int, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable) line: 1992	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeObject(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptableObject).get(java.lang.String, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable) line: 280	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.NativeObject(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.IdScriptableObject).get(java.lang.String, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable) line: 385	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptableObject.getProperty(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.String) line: 1575	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptRuntime.topScopeName(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.String) line: 1748	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptRuntime.nameOrFunction(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.String, boolean) line: 1715	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptRuntime.name(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.String) line: 1657	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Interpreter.interpretLoop(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Interpreter$CallFrame, java.lang.Object) line: 3413	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Interpreter.interpret(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.InterpretedFunction, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.Object[]) line: 2484	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.InterpretedFunction.call(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.Object[]) line: 162	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ContextFactory.doTopCall(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Callable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.Object[]) line: 401	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.ScriptRuntime.doTopCall(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Callable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.Object[]) line: 3003	
		net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.InterpretedFunction.call(net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Context, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, net.adoptopenjdk.icedteaweb.shaded.mozilla.javascript.Scriptable, java.lang.Object[]) line: 160	
		com.openwebstart.proxy.pac.PacFileEvaluator.lambda$getProxiesWithoutCaching$0(java.net.URI) line: 190	
		com.openwebstart.proxy.pac.PacFileEvaluator$$Lambda$258.1270431260.run() line: not available	
		java.security.AccessController.doPrivileged(java.security.PrivilegedAction<T>, java.security.AccessControlContext) line: not available [native method]	
		com.openwebstart.proxy.pac.PacFileEvaluator.getProxiesWithoutCaching(java.net.URI) line: 201	
		com.openwebstart.proxy.pac.PacFileEvaluator.getProxies(java.net.URI) line: 133	
		com.openwebstart.proxy.manual.ManualPacFileProxyProvider(com.openwebstart.proxy.pac.PacBasedProxyProvider).select(java.net.URI) line: 30	
		com.openwebstart.proxy.WebStartProxySelector.select(java.net.URI) line: 50	
		sun.net.www.protocol.https.DelegateHttpsURLConnection(sun.net.www.protocol.http.HttpURLConnection).plainConnect0() line: 1181	
		sun.net.www.protocol.http.HttpURLConnection$6.run() line: 1071	
		sun.net.www.protocol.http.HttpURLConnection$6.run() line: 1069	
		java.security.AccessController.doPrivileged(java.security.PrivilegedExceptionAction<T>, java.security.AccessControlContext) line: not available [native method]	
		java.security.AccessController.doPrivilegedWithCombiner(java.security.PrivilegedExceptionAction<T>, java.security.AccessControlContext, java.security.Permission...) line: 795	
		sun.net.www.protocol.https.DelegateHttpsURLConnection(sun.net.www.protocol.http.HttpURLConnection).plainConnect() line: 1068	
		sun.net.www.protocol.https.DelegateHttpsURLConnection(sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection).connect() line: 189	
		sun.net.www.protocol.https.DelegateHttpsURLConnection(sun.net.www.protocol.http.HttpURLConnection).getOutputStream0() line: 1367	
		sun.net.www.protocol.http.HttpURLConnection$8.run() line: 1334	
		sun.net.www.protocol.http.HttpURLConnection$8.run() line: 1332	
		java.security.AccessController.doPrivileged(java.security.PrivilegedExceptionAction<T>, java.security.AccessControlContext) line: not available [native method]	
		java.security.AccessController.doPrivilegedWithCombiner(java.security.PrivilegedExceptionAction<T>, java.security.AccessControlContext, java.security.Permission...) line: 795	
		sun.net.www.protocol.https.DelegateHttpsURLConnection(sun.net.www.protocol.http.HttpURLConnection).getOutputStream() line: 1331	
		sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream() line: 246	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream$1.run() line: 267	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream$1.run() line: 264	
		java.security.AccessController.doPrivileged(java.security.PrivilegedExceptionAction<T>) line: not available [native method]	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream() line: 264	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream).handleHeadersTrustCaching() line: 1343	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream).onFirstWrite() line: 1304	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite() line: 307	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(org.apache.cxf.io.AbstractWrappedOutputStream).write(byte[], int, int) line: 47	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(org.apache.cxf.io.AbstractThresholdOutputStream).write(byte[], int, int) line: 69	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream).close() line: 1356	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit(org.apache.cxf.transport.AbstractConduit).close(org.apache.cxf.message.Message) line: 56	
		org.apache.cxf.transport.http.URLConnectionHTTPConduit(org.apache.cxf.transport.http.HTTPConduit).close(org.apache.cxf.message.Message) line: 671	
		org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(org.apache.cxf.message.Message) line: 63	
		org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(org.apache.cxf.message.Message) line: 308	
		org.apache.cxf.endpoint.ClientImpl.doInvoke(org.apache.cxf.endpoint.ClientCallback, org.apache.cxf.service.model.BindingOperationInfo, java.lang.Object[], java.util.Map<java.lang.String,java.lang.Object>, org.apache.cxf.message.Exchange) line: 530	
		org.apache.cxf.endpoint.ClientImpl.invoke(org.apache.cxf.service.model.BindingOperationInfo, java.lang.Object[], java.util.Map<java.lang.String,java.lang.Object>, org.apache.cxf.message.Exchange) line: 441	
		org.apache.cxf.endpoint.ClientImpl.invoke(org.apache.cxf.service.model.BindingOperationInfo, java.lang.Object[], org.apache.cxf.message.Exchange) line: 356	
		org.apache.cxf.endpoint.ClientImpl.invoke(org.apache.cxf.service.model.BindingOperationInfo, java.lang.Object...) line: 314	
		org.apache.cxf.jaxws.JaxWsClientProxy(org.apache.cxf.frontend.ClientProxy).invokeSync(java.lang.reflect.Method, org.apache.cxf.service.model.BindingOperationInfo, java.lang.Object[]) line: 96	
		org.apache.cxf.jaxws.JaxWsClientProxy.invoke(java.lang.Object, java.lang.reflect.Method, java.lang.Object[]) line: 140	
		com.sun.proxy.$Proxy110.ping(java.lang.String) line: not available	
		*****.SessionKeepaliveRunnable.run(org.eclipse.core.runtime.IProgressMonitor) line: 52	
		org.eclipse.core.internal.jobs.Worker.run() line: 63	

The loaded jars are always to and the loaded "class" is always com or org

The two jars and a few others containing an INDEX.LIST and only the two cars containing entries like this:

...
org
org/apache
org/apache/groovy
org/apache/groovy/antlr
...

I'll try to remove the INDEX.LIST from the JAR files an see what happens

[edit]
removing the INDEX.LIST from the affected jars seems also to solve the issue becuase I never reach the put in the KeystorePasswordAttempter.
So it seems to be an issue with the file and "something" in the infrastructure (proxy with authentication, signed application, load-balancer, ...)

hopefully the stacktrace gives you the right direction.
[/edit]

@AlBundy33
Copy link
Author

I've downloaded the proxy.pac and removed nearly all entries.
With this proxy.pac I still have the problem on the system

function FindProxyForURL(url, host) {
    if (isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";

    return "DIRECT";
}

with this not

function FindProxyForURL(url, host) {
    return "DIRECT";
}

This is strange because both are returning always DIRECT 🤔

A workaround for this issue could be to simply not cache default-passwords in KeystorePasswordAttempter by changing

                successfulPerKeystore.put(operation.ks, pass);

to

                if (!Arrays.equals(pass.pass, DEFAULT_PASSWORD)) // maybe additional checks if localPasses.size() == 1 and/or operation.f == null
                  successfulPerKeystore.put(operation.ks, pass);

This does not fix the problem but results (at least on the customer system) on an empty successfulPerKeystore because there are only keystores with the default password.

@janakmulani
Copy link
Contributor

Thanks for your analysis and hints. We will investigate further and fix in a future release

@janakmulani
Copy link
Contributor

#904

@AlBundy33
Copy link
Author

@janakmulani #904 fixes only the memory leak in KeystorePasswordAttempter.
The memory leak in JavaConsole is still an issue. 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants