Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8134232

KeyStore.load() throws an IOException with a wrong cause in case of wrong password

    Details

      Backports

        Description

        According to [1], KeyStore.load(InputStream, char[]) method should throw an IOException, and the cause of the IOException should be an UnrecoverableKeyException:

        ...
        Throws:
        IOException - if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException
        ...

        But in case of PKCS11 keystore it throws an IOException, and the cause is javax.security.auth.login.FailedLoginException:

        java.io.IOException: load failed
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:761)
        at java.security.KeyStore.load(KeyStore.java:1459)
        at LoadKeystore.main(LoadKeystore.java:73)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:504)
        at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:92)
        at java.lang.Thread.run(Thread.java:746)
        Caused by: javax.security.auth.login.FailedLoginException
        at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1253)
        at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:847)
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:751)
        ... 8 more
        Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
        at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
        at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1241)
        ... 10 more

        Please use attached LoadKeystore.java test to reproduce the problem.

        The implementation should follow the spec in all cases. Need to check other keystore types listed in [2].

        [1] http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#load-java.io.InputStream-char:A-
        [2] http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  asmotrak Artem Smotrakov
                  Reporter:
                  asmotrak Artem Smotrakov
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: