JDK-8238264

Exception thrown when setting javax.net.ssl.keyStoreType = PKCS11

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Rejected
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      When setting the System property javax.net.ssl.keyStoreType or the Security property keystore.type to 'PKCS11', an exception is thrown:

      Caused by: java.security.KeyManagementException: if keyStoreType is PKCS11, then keyStore must be NONE
      at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:942)
      at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1112)
      at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
      at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
      at java.base/java.security.Provider.newInstanceUtil(Provider.java:155)
      at java.base/java.security.Provider$Service.newInstance(Provider.java:1820)
      ... 10 more

      The reason is that when any of the previous properties is set to 'PKCS11', javax.net.ssl.keyStore is expected to be 'NONE'; an empty string or an unset property does not count. See here: http://hg.openjdk.java.net/jdk/jdk/file/085463e75652/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#l1000

      In the following line, the check condition is properly handled: http://hg.openjdk.java.net/jdk/jdk/file/085463e75652/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#l1010 The reason is that 'NONE' is expected only if the property was set to something.

      A test will be submitted as part of the fix proposal.
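
      A preflight check that mirrors the rule described above, as an added example (not code from the JDK or from this report): it resolves the effective key store type from the javax.net.ssl.keyStoreType System property or, failing that, the keystore.type Security property, and flags the PKCS11 case where javax.net.ssl.keyStore is anything but NONE. The class and method names are hypothetical.

```java
import java.security.KeyStore;
import java.security.Security;

/** Added example: validates the JSSE default key store properties before use. */
public class Pkcs11KeyStorePreflight {

    /** Returns null when the combination is accepted, otherwise a description of the problem. */
    static String check() {
        // An unset javax.net.ssl.keyStore is read as the empty string.
        String keyStore = System.getProperty("javax.net.ssl.keyStore", "");
        // Without the System property, the type falls back to the keystore.type
        // Security property, which is what KeyStore.getDefaultType() returns.
        String type = System.getProperty("javax.net.ssl.keyStoreType",
                KeyStore.getDefaultType());
        // The rule from the report: PKCS11 is only accepted together with NONE.
        if ("PKCS11".equals(type) && !"NONE".equals(keyStore)) {
            return "keyStoreType is PKCS11 but javax.net.ssl.keyStore is "
                    + (keyStore.isEmpty() ? "unset or empty" : "'" + keyStore + "'")
                    + "; it must be NONE";
        }
        return null;
    }

    static void report(String label) {
        String problem = check();
        System.out.println(label + ": " + (problem == null ? "accepted" : problem));
    }

    public static void main(String[] args) {
        report("as started");

        // Setting only the Security property is enough to trigger the rule.
        Security.setProperty("keystore.type", "PKCS11");
        report("keystore.type=PKCS11, keyStore unset");

        // An empty string does not count as NONE.
        System.setProperty("javax.net.ssl.keyStore", "");
        report("keystore.type=PKCS11, keyStore empty");

        // The accepted combination for a token-backed key store.
        System.setProperty("javax.net.ssl.keyStore", "NONE");
        report("keystore.type=PKCS11, keyStore=NONE");
    }
}
```

      Passing this check only means the property combination is accepted; loading the key store still requires a configured PKCS11 provider.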

            People

            • Assignee:
              mbalao Martin Balao
              Reporter:
              mbalao Martin Balao