Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8266261

After 8u282 -> 8u292 update: "unrecognized algorithm name: PBEWithSHA1AndDESede"

    XMLWordPrintable

    Details

      Description

      ADDITIONAL SYSTEM INFORMATION :
      openjdk version "1.8.0_292"
      OpenJDK Runtime Environment (build 1.8.0_292-b10)
      OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)
      Ubuntu_2004 and Windows10_20H2

      A DESCRIPTION OF THE PROBLEM :
      Exception when setting a KeyStore entry.

      The exception does not happen always. It seems to be timing related. We have attached a minimal reproducer that we could get to reliably fail when executing in debug mode from within the Eclipse IDE.

      We suspect it has to do with https://bugs.openjdk.java.net/browse/JDK-8156584 / https://bugs.openjdk.java.net/browse/JDK-8157190

      While searching for solutions we stumbled upon this: https://github.com/bcgit/bc-java/issues/941

      REGRESSION : Last worked in version 8

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a new Eclipse project and insert the given source file. Configure the affected JDK for running and as library and execute in debug mode.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Code should execute without problems
      ACTUAL -
      Exception in thread "main" java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
      at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
      at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
      at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
      at TestJavaMain.main(TestJavaMain.java:65)
      Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
      at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
      at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
      ... 3 more
      Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
      at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
      at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
      at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
      ... 4 more


      ---------- BEGIN SOURCE ----------
      import java.io.ByteArrayInputStream;
      import java.io.IOException;
      import java.io.InputStream;
      import java.nio.charset.StandardCharsets;
      import java.security.Key;
      import java.security.KeyFactory;
      import java.security.KeyStore;
      import java.security.NoSuchAlgorithmException;
      import java.security.cert.Certificate;
      import java.security.cert.CertificateException;
      import java.security.cert.CertificateFactory;
      import java.security.spec.InvalidKeySpecException;
      import java.security.spec.PKCS8EncodedKeySpec;
      import java.util.Base64;

      public class TestJavaMain {

          private static final String KEY =
                  "-----BEGIN PRIVATE KEY-----\r\n"
                          + "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAkNYaGGK2+f8B14Yq\r\n"
                          + "0DZlAhlfzObkJI3/86CpeomWyYF8FZ3jUj4wPtRKZ+fjFT/ScguLLoPx4qTUFkaG\r\n"
                          + "E0eRKwIDAQABAkEAiX839r6ABoTYMsrkChYZfgyordTj8O/9dEOpoPLNey1MDFi+\r\n"
                          + "DfxnOV96qV1NC3Eftb0+W9m3CzXEpP1yhcnNgQIhAMDjKHg8MEk6zBRa00wHCnEG\r\n"
                          + "kp9shUlmXaQoci34IBJZAiEAwDoK/GO6zAhREvUd2LCqD3WweAxKF+QlahVBkRK1\r\n"
                          + "pyMCIQC96WpZJ3mrQDba+6n6uxvuuLf4O5Ln99/O1vvEgv6g0QIgaYPy39PGh5TR\r\n"
                          + "G/zco0NmNhI+CceFLFQZjX+ZfA6vE80CIC7dOgSpgqIY1nuSQhhNrNwqlM90YHWA\r\n"
                          + "PUgddasePJW+\r\n"
                          + "-----END PRIVATE KEY-----\r\n";
          private static final String CERTIFICATE =
                  "-----BEGIN CERTIFICATE-----\r\n"
                          + "MIIBGzCBxqADAgECAggBVa0QmShGZjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQD\r\n"
                          + "DAh0ZXN0X2NydDAeFw0yMTA0MjcxMDEyMDBaFw0yMjA0MjcxMDEyMDBaMBMxETAP\r\n"
                          + "BgNVBAMMCHRlc3RfY3J0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJDWGhhitvn/\r\n"
                          + "AdeGKtA2ZQIZX8zm5CSN//OgqXqJlsmBfBWd41I+MD7USmfn4xU/0nILiy6D8eKk\r\n"
                          + "1BZGhhNHkSsCAwEAATANBgkqhkiG9w0BAQUFAANBAD5qJwARPhpKn/zL03p7E/DL\r\n"
                          + "AB3HP/X6klwg3BkxvItG/PjBtQtf44Zn7kkbxk57jwCuuxSAtgW3Z/hTyl/0/U4=\r\n"
                          + "-----END CERTIFICATE-----\r\n";

          private static Key loadPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
              final String base64Key =
                      TestJavaMain.KEY
                              .replace("-----BEGIN PRIVATE KEY-----", "")
                              .replace("-----END PRIVATE KEY-----", "")
                              .replace("\r", "")
                              .replace("\n", "");
              final byte[] encodedKey = Base64.getDecoder().decode(base64Key);
              final KeyFactory kf = KeyFactory.getInstance("RSA");
              return kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
          }

          private static Certificate loadCertificate() throws CertificateException, IOException {
              final CertificateFactory cf = CertificateFactory.getInstance("X.509");
              final byte[] cert = TestJavaMain.CERTIFICATE.getBytes(StandardCharsets.UTF_8);
              try (final InputStream is = new ByteArrayInputStream(cert)) {
                  return cf.generateCertificate(is);
              }
          }

          public static void main(final String[] args) throws Exception {
              final Key key = TestJavaMain.loadPrivateKey();
              final Certificate[] certificates = new Certificate[] {TestJavaMain.loadCertificate()};
              final char[] password = "password".toCharArray();
              final KeyStore keyStore = KeyStore.getInstance("PKCS12");
              keyStore.load(null, password);
              keyStore.setKeyEntry("alias", key, password, certificates);
          }
      }

      ---------- END SOURCE ----------

      FREQUENCY : occasionally


        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: