- Type: Bug
- Resolution: Incomplete
- Priority: P3
- None
- Affects Version/s: 8u131
- Component/s: security-libs
- x86_64
- windows_7
FULL PRODUCT VERSION :
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Versión 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
It occurs when a digital signature is made by accessing the Windows certificate repository (Windows-MY) using the SunMSCAPI provider and RSA, with a certificate installed with a password to protect the private key. From the jdk / jre version 1.8.1_121, the sign method does not request the password to sign. In addition, once it has been signed with this certificate (by calling the sign method of the java.security.Signature class), the password for that certificate is deleted in the Windows certificate repository.
REGRESSION. Last worked in version 8u112
ADDITIONAL REGRESSION INFORMATION:
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
- Install a certificate on Windows with high private key protection (with password)
- Load the keystore ("Windows-MY", "SunMSCAPI")
- When you have the keystore instance, get the private key of the certificate (KeyStore.getKey(alias, password))
- Initialize the Signature object with the algorithm SHA1withRSA and the private key
- Add the data to sign.
- Call the sign() method.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Before signing the data, the certificate access password is prompted for.
ACTUAL -
The data is signed and the password dialog is not shown.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
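import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

public class SignWithWindowsMy {
    public static void main(String[] args) throws Exception {
        // Open the Windows-MY certificate store through the SunMSCAPI provider
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null);
        char[] password = null;
        // Get a valid certificate alias
        String alias = "Certificate alias";
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password);
        byte[] hash = "data to sign".getBytes();
        Signature sig = Signature.getInstance("SHA1withRSA", "SunMSCAPI");
        sig.initSign(privateKey);
        sig.update(hash);
        // Per the report, the private key password prompt is expected here
        byte[] signedHash = sig.sign();
    }
}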
---------- END SOURCE ----------