java.lang.SecurityException注入java代理时发生错误

huangapple go评论93阅读模式
英文:

java.lang.SecurityException when injecting java agent

问题

我正在尝试创建一个动态的Java代理,但在加载代理时出现以下错误:

com.sun.tools.attach.AgentInitializationException: 代理JAR已加载,但代理未能初始化
    at jdk.attach/sun.tools.attach.HotSpotVirtualMachine.loadAgent(HotSpotVirtualMachine.java:165)
    at jdk.attach/com.sun.tools.attach.VirtualMachine.loadAgent(VirtualMachine.java:538)
    at injector.main(injector.java:20)

而在目标应用程序中显示的错误如下:

java.lang.SecurityException: 类“agent”的签名者信息与同一包中其他类的签名者信息不匹配
    at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1151)
    at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:906)
    at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1015)
    at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)
    at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:821)
    at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:719)
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:642)
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:600)
    at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
    at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:431)
    at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallAgentmain(InstrumentationImpl.java:535)

该代理没有可能触发此错误的代码,因为现在它只是一个用于测试的单个System.out.println语句。我使用以下代码来注入代理:

VirtualMachine vm = VirtualMachine.attach(vmd);
vm.loadAgent("myagentpath");
vm.detach();

目标应用程序正在运行正常的Java发行版。我不认为这是我的代码的问题。是否有人知道可能是什么原因引起了这个错误?

英文:

I am trying to create a dynamic java agent, but when the agent is loaded this error is thrown:

com.sun.tools.attach.AgentInitializationException: Agent JAR loaded but agent failed to initialize
    at jdk.attach/sun.tools.attach.HotSpotVirtualMachine.loadAgent(HotSpotVirtualMachine.java:165)
    at jdk.attach/com.sun.tools.attach.VirtualMachine.loadAgent(VirtualMachine.java:538)
    at injector.main(injector.java:20)

And this is the error that is shown on the target application:

java.lang.SecurityException: class "agent"'s signer information does not match signer information of other classes in the same package
  at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1151)
  at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:906)
  at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1015)
  at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)
  at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:821)
  at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:719)
  at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:642)
  at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:600)
  at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
  at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
  at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:431)
  at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallAgentmain(InstrumentationImpl.java:535)

The agent has no code that could possibly trigger the error because right now it is a single System.out.println statement for testing. I use this code to inject the agent:

VirtualMachine vm = VirtualMachine.attach(vmd);
vm.loadAgent("myagentpath");
vm.detach();

The target application is running a normal distribution of java. I do not believe that it is an issue with my code. Does anyone know what could be causing this?

答案1

得分: 1

> 签名者信息与同一包中其他类的签名者信息不匹配

> 在同一包中的类从不同的 JAR 文件中加载时会出现这个问题,而这些 JAR 文件在类路径上具有不同证书的签名 - 或者更常见的情况是,至少有一个是经过签名的,而其他一个或多个则没有经过签名。因此,请确保所有的 JAR 文件(或至少包含相同包中类的那些文件)都使用相同的证书进行签名,或者从具有重叠包的 JAR 文件的清单中移除这些签名。

英文:

> signer information does not match signer information of other classes
> in the same package

This happens when classes belonging to the same package are loaded from different JAR files present on the classpath, and those JAR files have signatures signed with different certificates - or, perhaps more often, at least one is signed and one or more others are not. So either make sure all JARs (or at least those which contain classes from the same packages) are signed using the same certificate or remove the signatures from the manifest of JAR files with overlapping packages.

huangapple
  • 本文由 发表于 2020年8月23日 10:54:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/63542954.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定