-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
openjdk8u292
ADDITIONAL SYSTEM INFORMATION :
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)
Ubuntu_2004 and Windows10_20H2
A DESCRIPTION OF THE PROBLEM :
Exception when setting a KeyStore entry.
The exception does not happen always. It seems to be timing related. We have attached a minimal reproducer that we could get to reliably fail when executing in debug mode from within the Eclipse IDE.
We suspect it has to do with https://bugs.openjdk.java.net/browse/JDK-8156584 / https://bugs.openjdk.java.net/browse/JDK-8157190
While searching for solutions we stumbled upon this: https://github.com/bcgit/bc-java/issues/941
REGRESSION : Last worked in version 8
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a new Eclipse project and insert the given source file. Configure the affected JDK for running and as library and execute in debug mode.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Code should execute without problems
ACTUAL -
Exception in thread "main" java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
at TestJavaMain.main(TestJavaMain.java:65)
Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
... 3 more
Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
... 4 more
---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class TestJavaMain {
private static final String KEY =
"-----BEGIN PRIVATE KEY-----\r\n"
+ "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAkNYaGGK2+f8B14Yq\r\n"
+ "0DZlAhlfzObkJI3/86CpeomWyYF8FZ3jUj4wPtRKZ+fjFT/ScguLLoPx4qTUFkaG\r\n"
+ "E0eRKwIDAQABAkEAiX839r6ABoTYMsrkChYZfgyordTj8O/9dEOpoPLNey1MDFi+\r\n"
+ "DfxnOV96qV1NC3Eftb0+W9m3CzXEpP1yhcnNgQIhAMDjKHg8MEk6zBRa00wHCnEG\r\n"
+ "kp9shUlmXaQoci34IBJZAiEAwDoK/GO6zAhREvUd2LCqD3WweAxKF+QlahVBkRK1\r\n"
+ "pyMCIQC96WpZJ3mrQDba+6n6uxvuuLf4O5Ln99/O1vvEgv6g0QIgaYPy39PGh5TR\r\n"
+ "G/zco0NmNhI+CceFLFQZjX+ZfA6vE80CIC7dOgSpgqIY1nuSQhhNrNwqlM90YHWA\r\n"
+ "PUgddasePJW+\r\n"
+ "-----END PRIVATE KEY-----\r\n";
private static final String CERTIFICATE =
"-----BEGIN CERTIFICATE-----\r\n"
+ "MIIBGzCBxqADAgECAggBVa0QmShGZjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQD\r\n"
+ "DAh0ZXN0X2NydDAeFw0yMTA0MjcxMDEyMDBaFw0yMjA0MjcxMDEyMDBaMBMxETAP\r\n"
+ "BgNVBAMMCHRlc3RfY3J0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJDWGhhitvn/\r\n"
+ "AdeGKtA2ZQIZX8zm5CSN//OgqXqJlsmBfBWd41I+MD7USmfn4xU/0nILiy6D8eKk\r\n"
+ "1BZGhhNHkSsCAwEAATANBgkqhkiG9w0BAQUFAANBAD5qJwARPhpKn/zL03p7E/DL\r\n"
+ "AB3HP/X6klwg3BkxvItG/PjBtQtf44Zn7kkbxk57jwCuuxSAtgW3Z/hTyl/0/U4=\r\n"
+ "-----END CERTIFICATE-----\r\n";
private static Key loadPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
final String base64Key =
TestJavaMain.KEY
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replace("\r", "")
.replace("\n", "");
final byte[] encodedKey = Base64.getDecoder().decode(base64Key);
final KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
}
private static Certificate loadCertificate() throws CertificateException, IOException {
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final byte[] cert = TestJavaMain.CERTIFICATE.getBytes(StandardCharsets.UTF_8);
try (final InputStream is = new ByteArrayInputStream(cert)) {
return cf.generateCertificate(is);
}
}
public static void main(final String[] args) throws Exception {
final Key key = TestJavaMain.loadPrivateKey();
final Certificate[] certificates = new Certificate[] {TestJavaMain.loadCertificate()};
final char[] password = "password".toCharArray();
final KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, password);
keyStore.setKeyEntry("alias", key, password, certificates);
}
}
---------- END SOURCE ----------
FREQUENCY : occasionally
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)
Ubuntu_2004 and Windows10_20H2
A DESCRIPTION OF THE PROBLEM :
Exception when setting a KeyStore entry.
The exception does not happen always. It seems to be timing related. We have attached a minimal reproducer that we could get to reliably fail when executing in debug mode from within the Eclipse IDE.
We suspect it has to do with https://bugs.openjdk.java.net/browse/JDK-8156584 / https://bugs.openjdk.java.net/browse/JDK-8157190
While searching for solutions we stumbled upon this: https://github.com/bcgit/bc-java/issues/941
REGRESSION : Last worked in version 8
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a new Eclipse project and insert the given source file. Configure the affected JDK for running and as library and execute in debug mode.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Code should execute without problems
ACTUAL -
Exception in thread "main" java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
at TestJavaMain.main(TestJavaMain.java:65)
Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
... 3 more
Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
... 4 more
---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class TestJavaMain {
private static final String KEY =
"-----BEGIN PRIVATE KEY-----\r\n"
+ "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAkNYaGGK2+f8B14Yq\r\n"
+ "0DZlAhlfzObkJI3/86CpeomWyYF8FZ3jUj4wPtRKZ+fjFT/ScguLLoPx4qTUFkaG\r\n"
+ "E0eRKwIDAQABAkEAiX839r6ABoTYMsrkChYZfgyordTj8O/9dEOpoPLNey1MDFi+\r\n"
+ "DfxnOV96qV1NC3Eftb0+W9m3CzXEpP1yhcnNgQIhAMDjKHg8MEk6zBRa00wHCnEG\r\n"
+ "kp9shUlmXaQoci34IBJZAiEAwDoK/GO6zAhREvUd2LCqD3WweAxKF+QlahVBkRK1\r\n"
+ "pyMCIQC96WpZJ3mrQDba+6n6uxvuuLf4O5Ln99/O1vvEgv6g0QIgaYPy39PGh5TR\r\n"
+ "G/zco0NmNhI+CceFLFQZjX+ZfA6vE80CIC7dOgSpgqIY1nuSQhhNrNwqlM90YHWA\r\n"
+ "PUgddasePJW+\r\n"
+ "-----END PRIVATE KEY-----\r\n";
private static final String CERTIFICATE =
"-----BEGIN CERTIFICATE-----\r\n"
+ "MIIBGzCBxqADAgECAggBVa0QmShGZjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQD\r\n"
+ "DAh0ZXN0X2NydDAeFw0yMTA0MjcxMDEyMDBaFw0yMjA0MjcxMDEyMDBaMBMxETAP\r\n"
+ "BgNVBAMMCHRlc3RfY3J0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJDWGhhitvn/\r\n"
+ "AdeGKtA2ZQIZX8zm5CSN//OgqXqJlsmBfBWd41I+MD7USmfn4xU/0nILiy6D8eKk\r\n"
+ "1BZGhhNHkSsCAwEAATANBgkqhkiG9w0BAQUFAANBAD5qJwARPhpKn/zL03p7E/DL\r\n"
+ "AB3HP/X6klwg3BkxvItG/PjBtQtf44Zn7kkbxk57jwCuuxSAtgW3Z/hTyl/0/U4=\r\n"
+ "-----END CERTIFICATE-----\r\n";
private static Key loadPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
final String base64Key =
TestJavaMain.KEY
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replace("\r", "")
.replace("\n", "");
final byte[] encodedKey = Base64.getDecoder().decode(base64Key);
final KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
}
private static Certificate loadCertificate() throws CertificateException, IOException {
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final byte[] cert = TestJavaMain.CERTIFICATE.getBytes(StandardCharsets.UTF_8);
try (final InputStream is = new ByteArrayInputStream(cert)) {
return cf.generateCertificate(is);
}
}
public static void main(final String[] args) throws Exception {
final Key key = TestJavaMain.loadPrivateKey();
final Certificate[] certificates = new Certificate[] {TestJavaMain.loadCertificate()};
final char[] password = "password".toCharArray();
final KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, password);
keyStore.setKeyEntry("alias", key, password, certificates);
}
}
---------- END SOURCE ----------
FREQUENCY : occasionally
- duplicates
-
-
- Closed
-
-
-
- Resolved
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
(1 relates to)