Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Several Java import statements specify wildcard arguments. However, due to the use of wildcard arguments in the import statements of the source code contained in the Red Hat Enterprise Linux 6 maintenance branch, a name space collision created the potential for a wrong class to be utilized. As a consequence, the Token Processing System (TPS) rebuild test failed with an error message. This update addresses the bug by supplying the fully named class in all of the contentious areas, and the TPS rebuild test no longer fails. (BZ#1144188)
DescriptionMatthew Harmsen
2014-09-18 23:44:41 UTC
During the TPS testing of the 'pki-core' component for the RHEL 6.6 errata, a failure occurred when the TPS rebuild test failed with the following error:
com/netscape/ca/CAService.java:642: error: reference to Extension is ambiguous, both interface java.security.cert.Extension in java.security.cert and class netscape.security.x509.Extension in netscape.security.x509 match
Extension ext = (Extension) e.nextElement();
^
com/netscape/ca/CAService.java:642: error: reference to Extension is ambiguous, both interface java.security.cert.Extension in java.security.cert and class netscape.security.x509.Extension in netscape.security.x509 match
Extension ext = (Extension) e.nextElement();
This was due to the use of "wildcards" in the import statements of the source code contained in the RHEL 6 maintenance branch (a problem that has been alleviated in newer versions of the product):
. . .
import netscape.security.x509.*;
import netscape.security.util.BigInt;
import netscape.security.util.*;
import java.security.cert.*;
. . .
For the purposes of RHEL 6.7, we should apply the following minimal fix so that the TPS tests will succeed:
diff --git a/base/ca/src/com/netscape/ca/CAService.java b/base/ca/src/com/netscape/ca/CAService.java
index a63391d..43bb3dd 100644
--- a/base/ca/src/com/netscape/ca/CAService.java
+++ b/base/ca/src/com/netscape/ca/CAService.java
@@ -639,7 +639,7 @@ public class CAService implements ICAService, IService {
Enumeration e = exts.getElements();
while (e.hasMoreElements()) {
- Extension ext = (Extension) e.nextElement();
+ netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement();
if (ext.getExtensionId().toString().equals(PKIXExtensions.BasicConstraints_Id.toString())) {
bc_ext = (BasicConstraintsExtension) ext;
The issue is stated as follows:
com/netscape/ca/CAService.java:642: error: reference to Extension is
ambiguous, both interface java.security.cert.Extension in
java.security.cert and class netscape.security.x509.Extension in
netscape.security.x509 match
Extension ext = (Extension) e.nextElement();
This never used to be a problem before because java.security.cert.Extension was only introduced in Java 7. This also won't be a problem unless java.security.cert.Extension is found in the classpath before netscape.security.x509.Extension.
If it is though, and ext is instantiated as a netscape.security.x509.Extension, then some subsequent calls - like ext.getExtensionId() will fail.
Now, this code is in a function called issueX509Cert() - which sounds like its
pretty important. In fact, I suspect its executed whenever we issue a cert.
Thats a double edged sword -- we know that we have not had any
issues - so its likely that the classpath is set up correctly. On the other hand, do we want to rely on this for such an important bit of code? Remember that classpath issues are notoriously difficult to debug.
Incidentally, on looking at this code, I think that Matt's initial solution needs to be tweaked a bit, so that the Enumeration is also typed -- ie.
Enumeration e = exts.getElements(); should become
Enumeration<netscape.security.x509.Extension> e = exts.getElements();
Created attachment 941624[details]
pki-core-9.0.3-bz1144188.patch
Although we attempted to follow the Z-Stream procedures for a 0-day errata located at https://home.corp.redhat.com/wiki/working-z-streams, we were informed by release-engineering that if we checked this patch into the rhel-6.6 dist-git branch, that rhel-6.7 would be cloned from the rhel-6.6 branch (thus picking up this patch).
Created attachment 941632[details]
pki-core.spec
Although we attempted to follow the Z-Stream procedures for a 0-day errata located at https://home.corp.redhat.com/wiki/working-z-streams, we were informed by release-engineering that if we checked this spec file into the rhel-6.6 dist-git branch, that rhel-6.7 would be cloned from the rhel-6.6 branch (thus picking up this spec file).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHSA-2015-1347.html
During the TPS testing of the 'pki-core' component for the RHEL 6.6 errata, a failure occurred when the TPS rebuild test failed with the following error: com/netscape/ca/CAService.java:642: error: reference to Extension is ambiguous, both interface java.security.cert.Extension in java.security.cert and class netscape.security.x509.Extension in netscape.security.x509 match Extension ext = (Extension) e.nextElement(); ^ com/netscape/ca/CAService.java:642: error: reference to Extension is ambiguous, both interface java.security.cert.Extension in java.security.cert and class netscape.security.x509.Extension in netscape.security.x509 match Extension ext = (Extension) e.nextElement(); This was due to the use of "wildcards" in the import statements of the source code contained in the RHEL 6 maintenance branch (a problem that has been alleviated in newer versions of the product): . . . import netscape.security.x509.*; import netscape.security.util.BigInt; import netscape.security.util.*; import java.security.cert.*; . . . For the purposes of RHEL 6.7, we should apply the following minimal fix so that the TPS tests will succeed: diff --git a/base/ca/src/com/netscape/ca/CAService.java b/base/ca/src/com/netscape/ca/CAService.java index a63391d..43bb3dd 100644 --- a/base/ca/src/com/netscape/ca/CAService.java +++ b/base/ca/src/com/netscape/ca/CAService.java @@ -639,7 +639,7 @@ public class CAService implements ICAService, IService { Enumeration e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension) e.nextElement(); + netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement(); if (ext.getExtensionId().toString().equals(PKIXExtensions.BasicConstraints_Id.toString())) { bc_ext = (BasicConstraintsExtension) ext;