-
Bug
-
Resolution: Fixed
-
P3
-
17, 20, 21
-
b01
-
b24
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8320108 | 21.0.3-oracle | Sean Coffey | P3 | Resolved | Fixed | b01 |
| JDK-8320670 | 21.0.2 | Sean Coffey | P3 | Closed | Fixed | b09 |
| JDK-8320163 | 17.0.11-oracle | Sean Coffey | P3 | Resolved | Fixed | b01 |
| JDK-8320669 | 17.0.10-oracle | Sean Coffey | P3 | Closed | Fixed | b09 |
| JDK-8321181 | 17.0.9.0.3-oracle | Sean Coffey | P3 | Closed | Fixed | b01 |
ADDITIONAL SYSTEM INFORMATION :
Windows 10 22H2
java version "17.0.8" 2023-07-18 LTS
Java(TM) SE Runtime Environment (build 17.0.8+9-LTS-211)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.8+9-LTS-211, mixed mode, sharing)
A DESCRIPTION OF THE PROBLEM :
Loading a keystore using BouncyCastleProvider causes the following error:
error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC
A debugging session revealed the following details.
javax.crypto.JarVerifier.verifySingleFile first closes the file:
Enumeration<JarEntry> entries = jf.entries();
and later tries to read it:
if (!jarManifestNameChecked && SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
which causes a "zip file closed" error.
The problem is well known:
https://github.com/spring-projects/spring-boot/issues/28837
https://github.com/bcgit/bc-java/issues/1067
REGRESSION : Last worked in version 11.0.20
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
I reproduced the issue in a simple spring boot application:
See demoBugJarVerifier-main.zip
Readme file explains the details, but it boils down to building a fat jar and launching it.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Program should finish without errors.
ACTUAL -
Program stops with an exception:
Caused by: java.io.IOException: error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC
---------- BEGIN SOURCE ----------
See demoBugJarVerifier-main.zip
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Use jks (not pkcs12) or don't use fat jar for bcprov-jdk15on.
FREQUENCY : always
Windows 10 22H2
java version "17.0.8" 2023-07-18 LTS
Java(TM) SE Runtime Environment (build 17.0.8+9-LTS-211)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.8+9-LTS-211, mixed mode, sharing)
A DESCRIPTION OF THE PROBLEM :
Loading a keystore using BouncyCastleProvider causes the following error:
error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC
A debugging session revealed the following details.
javax.crypto.JarVerifier.verifySingleFile first closes the file:
Enumeration<JarEntry> entries = jf.entries();
and later tries to read it:
if (!jarManifestNameChecked && SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
which causes a "zip file closed" error.
The problem is well known:
https://github.com/spring-projects/spring-boot/issues/28837
https://github.com/bcgit/bc-java/issues/1067
REGRESSION : Last worked in version 11.0.20
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
I reproduced the issue in a simple spring boot application:
See demoBugJarVerifier-main.zip
Readme file explains the details, but it boils down to building a fat jar and launching it.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Program should finish without errors.
ACTUAL -
Program stops with an exception:
Caused by: java.io.IOException: error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC
---------- BEGIN SOURCE ----------
See demoBugJarVerifier-main.zip
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Use jks (not pkcs12) or don't use fat jar for bcprov-jdk15on.
FREQUENCY : always
- backported by
-
JDK-8320108 ZipFile.getManifestName fails during jar verification for Spring Boot
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-