Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8134232

KeyStore.load() throws an IOException with a wrong cause in case of wrong password

    XMLWordPrintable

Details

    Backports

      Description

        According to [1], KeyStore.load(InputStream, char[]) method should throw an IOException, and the cause of the IOException should be an UnrecoverableKeyException:

        ...
        Throws:
        IOException - if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException
        ...

        But in case of PKCS11 keystore it throws an IOException, and the cause is javax.security.auth.login.FailedLoginException:

        java.io.IOException: load failed
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:761)
        at java.security.KeyStore.load(KeyStore.java:1459)
        at LoadKeystore.main(LoadKeystore.java:73)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:504)
        at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:92)
        at java.lang.Thread.run(Thread.java:746)
        Caused by: javax.security.auth.login.FailedLoginException
        at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1253)
        at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:847)
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:751)
        ... 8 more
        Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
        at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
        at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1241)
        ... 10 more

        Please use attached LoadKeystore.java test to reproduce the problem.

        The implementation should follow the spec in all cases. Need to check other keystore types listed in [2].

        [1] http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#load-java.io.InputStream-char:A-
        [2] http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8142054 KeyStore.load() throws an IOException with a wrong cause in case of wrong password

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8154916 KeyStore.load() throws an IOException with a wrong cause in case of wrong password

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8163675 KeyStore.load() throws an IOException with a wrong cause in case of wrong password

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167801 KeyStore.load() throws an IOException with a wrong cause in case of wrong password

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8240005 KeyStore.load() throws an IOException with a wrong cause in case of wrong password

            • P3 - Major loss of function.
            • Resolved
            relates to

            Enhancement - null JDK-8048622 Enhance tests for PKCS11 keystores with NSS

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8169964 Keystore password verification failed after JDK upgrade to 8u112

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                asmotrak Artem Smotrakov
                asmotrak Artem Smotrakov
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: