Bug
Resolution: Not an Issue
P3
None
8u121
x86
other
FULL PRODUCT VERSION :
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) Client VM (build 25.121-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.10586]
A DESCRIPTION OF THE PROBLEM :
Dear support team,
Regression in implementation class java.security.Signature - class java.security.Signature$Delegate
method verify(String)
Java 8 update 112 - works,
Java 8 update 121 - throws exception:
"java.security.SignatureException: Invalid encoding for signature"
suppressedExceptions Collections$UnmodifiableRandomAccessList<E> (id=105)
REGRESSION. Last worked in version 8u112
ADDITIONAL REGRESSION INFORMATION:
// loading certificate on local computer
InputStream in = new Base64InputStream(SecurityUtil.createFileInputStream(new File(whitelistDir, certificateName)));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certificate = cf.generateCertificate(in);
// initialization of Signature
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initVerify(certificate);
// the checksum is done against the decoded utf-16 data
signature.update(parameterWhiteListBytes);
retVal = signature.verify(checkSigBytes);
***
where, parameterWhiteList = new String(parameterWhiteListBytes, "UTF-16BE");
The exception happens on the "retVal = signature.verify(checkSigBytes);" line only in Java 8 update 121 (update 112 works fine).
Looks like the issue is related to "suppressedExceptions Collections$UnmodifiableRandomAccessList<E> (id=105)"
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the provided code.
If required, we can provide the certificate file, the signature and the original "parameterWhiteListBytes".
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
works on Java 8 update 121
ACTUAL -
regression on Java 8 update 121
ERROR MESSAGES/STACK TRACES THAT OCCUR :
"java.security.SignatureException: Invalid encoding for signature"
suppressedExceptions Collections$UnmodifiableRandomAccessList<E> (id=105)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import com.sap.pls.up.Base64InputStream;

/**
 * Title: <TBD>
 * Description: <TBD>
 * Copyright: Copyright (c) 2015+ Company: SAP SE
 *
 * @author Mykola Gorbarov (d043357)
 * @version 1.0
 */
public class SignTestBUG {
    public static void main(String[] args) {
        String p1 = "_data_here_";
        String s1 = "_signature_here_";
        boolean isOK = false;
        try {
            InputStream in = new Base64InputStream(new FileInputStream(new File("path_to_cert_file")));
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate certificate = cf.generateCertificate(in);
            Signature signature = Signature.getInstance("SHA1withDSA");
            signature.initVerify(certificate);
            // the checksum is done against the decoded utf-16 data
            signature.update(p1.getBytes());
            isOK = signature.verify(s1.getBytes());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
does not exist
SUPPORT :
YES
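
The exception text names the signature bytes, not the data or the certificate, as the rejected input. A diagnostic that can be run on the bytes passed to verify(), given here as an added example (not code from the report or from the JDK): it applies standard DER rules for a DSA signature, SEQUENCE { INTEGER r, INTEGER s }, and reports the first deviation. The class name DsaSigDerCheck and the sample bytes are constructed for illustration, and the checks are not a copy of any JDK release's parser.

```java
import java.util.Arrays;

public class DsaSigDerCheck {
    /** Returns null when sig is exactly SEQUENCE { INTEGER r, INTEGER s }, else the first problem found. */
    static String check(byte[] sig) {
        if (sig.length < 8 || sig[0] != 0x30) return "not a DER SEQUENCE (first byte must be 0x30)";
        int[] pos = {1};
        int seqLen = readLen(sig, pos);
        if (seqLen < 0) return "bad or indefinite SEQUENCE length";
        int end = pos[0] + seqLen;
        if (end > sig.length) return "SEQUENCE length runs past the buffer (truncated signature)";
        if (end < sig.length) return (sig.length - end) + " trailing byte(s) after the SEQUENCE";
        for (String name : new String[] {"r", "s"}) {
            if (pos[0] >= end || sig[pos[0]++] != 0x02) return name + " is not an INTEGER";
            int len = readLen(sig, pos);
            if (len <= 0 || pos[0] + len > end) return name + " has a bad length";
            if (len > 1 && sig[pos[0]] == 0 && (sig[pos[0] + 1] & 0x80) == 0)
                return name + " has a redundant leading zero";
            if ((sig[pos[0]] & 0x80) != 0) return name + " is negative (missing 0x00 pad byte)";
            pos[0] += len;
        }
        return pos[0] == end ? null : "extra elements inside the SEQUENCE";
    }

    /** Reads a definite DER length at pos[0]; returns -1 for indefinite or oversized forms. */
    static int readLen(byte[] b, int[] pos) {
        if (pos[0] >= b.length) return -1;
        int first = b[pos[0]++] & 0xff;
        if (first < 0x80) return first;            // short form
        int n = first & 0x7f;                      // long form: n length bytes follow
        if (n == 0 || n > 2 || pos[0] + n > b.length) return -1;
        int len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (b[pos[0]++] & 0xff);
        return len;
    }

    public static void main(String[] args) {
        // Constructed sample with r = 1, s = 2; not a real signature.
        byte[] ok = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02};
        // The same bytes followed by two zero bytes, as a fixed-size buffer would leave them.
        byte[] padded = Arrays.copyOf(ok, ok.length + 2);
        System.out.println("exact:  " + check(ok));
        System.out.println("padded: " + check(padded));
    }
}
```

A non-null result identifies what a strict verifier would object to; re-encoding or trimming the signature at the producer is the fix, not loosening the check.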