JDK-8313742

ZipFile.getManifestName fails during jar verification for Spring Boot

    • b01
    • 17
    • b24
    • generic
    • generic

        ADDITIONAL SYSTEM INFORMATION :
        Windows 10 22H2

        java version "17.0.8" 2023-07-18 LTS
        Java(TM) SE Runtime Environment (build 17.0.8+9-LTS-211)
        Java HotSpot(TM) 64-Bit Server VM (build 17.0.8+9-LTS-211, mixed mode, sharing)

        A DESCRIPTION OF THE PROBLEM :
        Loading a keystore using BouncyCastleProvider causes the following error:

        error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC

        A debugging session revealed the following details.

        javax.crypto.JarVerifier.verifySingleFile first closes the file:

        Enumeration<JarEntry> entries = jf.entries();

        and later tries to read it:

        if (!jarManifestNameChecked && SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {

        which causes a "zip file closed" error.

        The problem is well known:
        https://github.com/spring-projects/spring-boot/issues/28837
        https://github.com/bcgit/bc-java/issues/1067

        REGRESSION : Last worked in version 11.0.20

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        I reproduced the issue in a simple Spring Boot application:
        See demoBugJarVerifier-main.zip
        Readme file explains the details, but it boils down to building a fat jar and launching it.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        Program should finish without errors.
        ACTUAL -
        Program stops with an exception:

        Caused by: java.io.IOException: error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC

        ---------- BEGIN SOURCE ----------
        See demoBugJarVerifier-main.zip
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Use jks (not pkcs12) or don't use fat jar for bcprov-jdk15on.

        FREQUENCY : always
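
A diagnostic for the failure described above, as an added example that is not part of the original report or of the JDK: it lists each installed security provider, where its classes were loaded from, and whether JCE accepts it when a Mac service is requested. The class name ProviderAuthCheck and the "jar:" URL heuristic for spotting a provider jar packed inside another jar are assumptions.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Mac;

public class ProviderAuthCheck {

    /** Where the provider's classes came from; boot-loader classes have no code source. */
    static String location(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "(boot class loader)" : cs.getLocation().toString();
    }

    /** Assumption: a jar nested in a fat jar is reported with a "jar:" URL, a plain jar with "file:". */
    static boolean looksNested(String location) {
        return location.startsWith("jar:");
    }

    /** Request the provider's first Mac service; JCE authenticates the provider before returning it. */
    static String probe(Provider p) {
        for (Provider.Service s : p.getServices()) {
            if (!"Mac".equals(s.getType())) {
                continue;
            }
            try {
                Mac.getInstance(s.getAlgorithm(), p);
                return "authenticated (" + s.getAlgorithm() + ")";
            } catch (SecurityException e) {
                // The case from this report: "JCE cannot authenticate the provider ..."
                return "REJECTED: " + e.getMessage() + " <- " + e.getCause();
            } catch (Exception e) {
                return "inconclusive: " + e;
            }
        }
        return "no Mac service to probe";
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            String loc = location(p);
            System.out.printf("%-12s nested=%-5s %s%n    %s%n",
                    p.getName(), looksNested(loc), loc, probe(p));
        }
    }
}
```

Run it from inside the packaged application after the provider under test has been registered with Security.addProvider, so that the same class loader and jar layout are exercised.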


              coffeys Sean Coffey
              webbuggrp Webbug Group