-
Bug
-
Resolution: Unresolved
-
P4
-
23
-
x86_64
-
windows
ADDITIONAL SYSTEM INFORMATION :
Windows 10/11 with JDK 8/11/17/21
A DESCRIPTION OF THE PROBLEM :
Loading Windows keystore fails when the it contains code signing certificate for example configured with SafeNet Authentication Client.
See also the following github issue link where the end-user has initially reported the issue: https://github.com/Hakky54/sslcontext-kickstart/issues/467
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Install SafeNet Authentication Client with a code signing certificate. Run the following java code:
import java.security.KeyStore;
import java.util.Arrays;
public class App {
public static void main(String[] args) throws Exception {
for (String keyStoreType : Arrays.asList("Windows-ROOT", "Windows-ROOT-LOCALMACHINE", "Windows-ROOT-CURRENTUSER", "Windows-MY", "Windows-MY-CURRENTUSER", "Windows-MY-LOCALMACHINE")) {
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
}
System.out.println("Done");
}
}
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It should print done and process all the keystores
ACTUAL -
Hangs, freezes while attempting to load the keystore. It hangs forever. The following thread dump has been reported:
"SonarLint Server RPC sequential executor" #18 prio=5 os_prio=0 cpu=593.75ms elapsed=68.62s tid=0x0000021260a73a40 nid=0x1fc0 runnable [0x0000005151bfc000]
java.lang.Thread.State: RUNNABLE
at sun.security.mscapi.CKeyStore.loadKeysOrCertificateChains(jdk.crypto.mscapi@17.0.9/Native Method)
at sun.security.mscapi.CKeyStore.engineLoad(jdk.crypto.mscapi@17.0.9/Unknown Source)
at sun.security.mscapi.CKeyStore$MY.engineLoad(jdk.crypto.mscapi@17.0.9/Unknown Source)
at java.security.KeyStore.load(java.base@17.0.9/Unknown Source)
at nl.altindag.ssl.util.KeyStoreUtils.createKeyStore(KeyStoreUtils.java:150)
at nl.altindag.ssl.util.KeyStoreUtils.createKeyStoreIfAvailable(KeyStoreUtils.java:260)
at nl.altindag.ssl.util.KeyStoreUtils.lambda$loadSystemKeyStores$1(KeyStoreUtils.java:233)
at nl.altindag.ssl.util.KeyStoreUtils$$Lambda$177/0x00000212201ce630.apply(Unknown Source)
---------- BEGIN SOURCE ----------
import java.security.KeyStore;
import java.util.Arrays;
public class App {
public static void main(String[] args) throws Exception {
for (String keyStoreType : Arrays.asList("Windows-ROOT", "Windows-ROOT-LOCALMACHINE", "Windows-ROOT-CURRENTUSER", "Windows-MY", "Windows-MY-CURRENTUSER", "Windows-MY-LOCALMACHINE")) {
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
}
System.out.println("Done");
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
No working workaround yet
FREQUENCY : always
Windows 10/11 with JDK 8/11/17/21
A DESCRIPTION OF THE PROBLEM :
Loading Windows keystore fails when the it contains code signing certificate for example configured with SafeNet Authentication Client.
See also the following github issue link where the end-user has initially reported the issue: https://github.com/Hakky54/sslcontext-kickstart/issues/467
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Install SafeNet Authentication Client with a code signing certificate. Run the following java code:
import java.security.KeyStore;
import java.util.Arrays;
public class App {
public static void main(String[] args) throws Exception {
for (String keyStoreType : Arrays.asList("Windows-ROOT", "Windows-ROOT-LOCALMACHINE", "Windows-ROOT-CURRENTUSER", "Windows-MY", "Windows-MY-CURRENTUSER", "Windows-MY-LOCALMACHINE")) {
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
}
System.out.println("Done");
}
}
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It should print done and process all the keystores
ACTUAL -
Hangs, freezes while attempting to load the keystore. It hangs forever. The following thread dump has been reported:
"SonarLint Server RPC sequential executor" #18 prio=5 os_prio=0 cpu=593.75ms elapsed=68.62s tid=0x0000021260a73a40 nid=0x1fc0 runnable [0x0000005151bfc000]
java.lang.Thread.State: RUNNABLE
at sun.security.mscapi.CKeyStore.loadKeysOrCertificateChains(jdk.crypto.mscapi@17.0.9/Native Method)
at sun.security.mscapi.CKeyStore.engineLoad(jdk.crypto.mscapi@17.0.9/Unknown Source)
at sun.security.mscapi.CKeyStore$MY.engineLoad(jdk.crypto.mscapi@17.0.9/Unknown Source)
at java.security.KeyStore.load(java.base@17.0.9/Unknown Source)
at nl.altindag.ssl.util.KeyStoreUtils.createKeyStore(KeyStoreUtils.java:150)
at nl.altindag.ssl.util.KeyStoreUtils.createKeyStoreIfAvailable(KeyStoreUtils.java:260)
at nl.altindag.ssl.util.KeyStoreUtils.lambda$loadSystemKeyStores$1(KeyStoreUtils.java:233)
at nl.altindag.ssl.util.KeyStoreUtils$$Lambda$177/0x00000212201ce630.apply(Unknown Source)
---------- BEGIN SOURCE ----------
import java.security.KeyStore;
import java.util.Arrays;
public class App {
public static void main(String[] args) throws Exception {
for (String keyStoreType : Arrays.asList("Windows-ROOT", "Windows-ROOT-LOCALMACHINE", "Windows-ROOT-CURRENTUSER", "Windows-MY", "Windows-MY-CURRENTUSER", "Windows-MY-LOCALMACHINE")) {
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
}
System.out.println("Done");
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
No working workaround yet
FREQUENCY : always