-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
11.0.2
-
x86_64
-
windows_10
ADDITIONAL SYSTEM INFORMATION :
Windows 10 (1803)
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
and
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)
A DESCRIPTION OF THE PROBLEM :
The PowerShell function "Export-PfxCertificate" supports exporting a certificate using either TripleDES_SHA1 or AES256_SHA256. I can open the exported PFX using java.security.keystore when I use TripleDES_SHA1, but not if I use AES256_SHA256.
Steps to reproduce the behavior:
$Cert = dir Cert:\LocalMachine\My | Where-Object -Filter { $_.Thumbprint -eq "0141F6F8D22D8227595D52820D91AEB213725AF7" }
$PFXPassword = Read-Host "Enter password" -AsSecureString
Export-PfxCertificate -Cert $Cert -Password $PFXPassword -FilePath .\TripleDES.pfx -CryptoAlgorithmOption TripleDES_SHA1
Export-PfxCertificate -Cert $Cert -Password $PFXPassword -FilePath .\AES256.pfx -CryptoAlgorithmOption AES256_SHA256
The following code demonstrates the problem:
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.Objects;
public class Main {
public static void main(String[] args) throws Exception {
KeyStore keystore;
File certFile = new File("AES256.pfx");
String password = new String("Password");
try {
keystore = KeyStore.getInstance("pkcs12");
keystore.load(new FileInputStream(certFile),
password.toCharArray());
} catch (Exception e) {
e.printStackTrace();
}
}
}
Testing with 1.8.0_202 and 11.0.2 produces the following errors:
java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:816)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2018)
at java.security.KeyStore.load(KeyStore.java:1445)
at Main.main(Main.java:16)
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:812)
... 3 more
java version "11.0.2" 2019-01-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)
java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at Main.main(Main.java:16)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 4 more
The programs works correctly in openjdk 12+33. Can this support be backported to earlier versions?
Windows 10 (1803)
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
and
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)
A DESCRIPTION OF THE PROBLEM :
The PowerShell function "Export-PfxCertificate" supports exporting a certificate using either TripleDES_SHA1 or AES256_SHA256. I can open the exported PFX using java.security.keystore when I use TripleDES_SHA1, but not if I use AES256_SHA256.
Steps to reproduce the behavior:
$Cert = dir Cert:\LocalMachine\My | Where-Object -Filter { $_.Thumbprint -eq "0141F6F8D22D8227595D52820D91AEB213725AF7" }
$PFXPassword = Read-Host "Enter password" -AsSecureString
Export-PfxCertificate -Cert $Cert -Password $PFXPassword -FilePath .\TripleDES.pfx -CryptoAlgorithmOption TripleDES_SHA1
Export-PfxCertificate -Cert $Cert -Password $PFXPassword -FilePath .\AES256.pfx -CryptoAlgorithmOption AES256_SHA256
The following code demonstrates the problem:
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.Objects;
public class Main {
public static void main(String[] args) throws Exception {
KeyStore keystore;
File certFile = new File("AES256.pfx");
String password = new String("Password");
try {
keystore = KeyStore.getInstance("pkcs12");
keystore.load(new FileInputStream(certFile),
password.toCharArray());
} catch (Exception e) {
e.printStackTrace();
}
}
}
Testing with 1.8.0_202 and 11.0.2 produces the following errors:
java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:816)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2018)
at java.security.KeyStore.load(KeyStore.java:1445)
at Main.main(Main.java:16)
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:812)
... 3 more
java version "11.0.2" 2019-01-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)
java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at Main.main(Main.java:16)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 4 more
The programs works correctly in openjdk 12+33. Can this support be backported to earlier versions?
- duplicates
-
-
- Closed
-