-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
openjdk8u292
A DESCRIPTION OF THE PROBLEM :
During class loading from a signed Jar an initialization of the sun.security.x509.AlgorithmId class may happen (via sun.security.pkcs.SignerInfo#verify(sun.security.pkcs.PKCS7, byte[]) lines 375ff) but at that point only a fraction of the Providers are actually being returned from Security.getProviders(). This initialization only happens once, so if e.g. I try to do something that requires the HmacSHA512 algorithm it is not available and causes a NoSuchAlgorithmException.
This wasn't happening with Update 281.
REGRESSION : Last worked in version 8
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
The test class below requires the BouncyCastle library, but I guess any class from a signed jar would work that uses an algorithm that comes from a provider. In my example the verification tries to find the "SHA256withRSA" algorithm during Verification. The Security.getProviders() call in this context uses a subset of the registered providers, the com.sun.crypto.provider.SunJCE one is not among them like it normally would be.
This is an example that directly accesses the AlgorithmId class, but in my real world example this would be triggered indirectly through saving a HmacSHA512 Key to a PKCS12 Keystore that is used in a JWT Authentication service.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The code should run without any exceptions on Update 291.
ACTUAL -
This runs fine on Version before Update 291. With Update 291 this causes the following exception:
Exception in thread "main" java.security.NoSuchAlgorithmException: unrecognized algorithm name: HmacSHA512
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
at Test.main(Test.java:13)
---------- BEGIN SOURCE ----------
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.x509.AlgorithmId;
public class Test {
public static void main(String[] args) throws Exception {
new BouncyCastleProvider();
AlgorithmId alg = AlgorithmId.get("HmacSHA512");
System.out.println(alg);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
None that I have found and would have the same result as with older Java Versions
FREQUENCY : always
During class loading from a signed Jar an initialization of the sun.security.x509.AlgorithmId class may happen (via sun.security.pkcs.SignerInfo#verify(sun.security.pkcs.PKCS7, byte[]) lines 375ff) but at that point only a fraction of the Providers are actually being returned from Security.getProviders(). This initialization only happens once, so if e.g. I try to do something that requires the HmacSHA512 algorithm it is not available and causes a NoSuchAlgorithmException.
This wasn't happening with Update 281.
REGRESSION : Last worked in version 8
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
The test class below requires the BouncyCastle library, but I guess any class from a signed jar would work that uses an algorithm that comes from a provider. In my example the verification tries to find the "SHA256withRSA" algorithm during Verification. The Security.getProviders() call in this context uses a subset of the registered providers, the com.sun.crypto.provider.SunJCE one is not among them like it normally would be.
This is an example that directly accesses the AlgorithmId class, but in my real world example this would be triggered indirectly through saving a HmacSHA512 Key to a PKCS12 Keystore that is used in a JWT Authentication service.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The code should run without any exceptions on Update 291.
ACTUAL -
This runs fine on Version before Update 291. With Update 291 this causes the following exception:
Exception in thread "main" java.security.NoSuchAlgorithmException: unrecognized algorithm name: HmacSHA512
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
at Test.main(Test.java:13)
---------- BEGIN SOURCE ----------
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.x509.AlgorithmId;
public class Test {
public static void main(String[] args) throws Exception {
new BouncyCastleProvider();
AlgorithmId alg = AlgorithmId.get("HmacSHA512");
System.out.println(alg);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
None that I have found and would have the same result as with older Java Versions
FREQUENCY : always
- duplicates
-
-
- Resolved
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-