Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 1.2.0.Beta12
Affects Version/s: None
Component/s: Credential Store
Labels:
- ibm-java

Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1069

Description

export JAVA_HOME=path/to/ibm/java8
 
$JAVA_HOME/bin/java -version
java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr3fp12-20160919_01(SR3 FP12))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20160915_318796 (JIT enabled, AOT enabled)
J9VM - R28_Java8_SR3_20160915_0912_B318796
JIT  - tr.r14.java.green_20160818_122998
GC   - R28_Java8_SR3_20160915_0912_B318796_CMPRSS
J9CL - 20160915_318796)
JCL - 20160914_01 based on Oracle jdk8u101-b13
 
mvn clean test -Dtest=KeyStoreCredentialStoreTest

Expected: KeyStoreCredentialStoreTest should pass

Actual: First, the "hack to make JCE believe that it has verified the signature of the WildFlyElytronProvider JAR" [1] throws

java.lang.ClassNotFoundException: javax.crypto.JceSecurity
	at java.lang.Class.forNameImpl(Native Method)
	at java.lang.Class.forName(Class.java:278)
	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStoreTest.installWildFlyElytronProvider(KeyStoreCredentialStoreTest.java:89)
...

because javax.crypto.JceSecurity does not exist in IBM JRE.

It looks like the hack is actually not necessary anymore, because KeyStoreCredentialStoreTest is passing also without the hack on both Oracle JDK and OpenJDK.

But once the hack is removed, on IBM JDK, shouldSupportKeyStoreFormat passes with format=JCEKS but fails with format=PKCS12 throwing the following exeception:

org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:464)
	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStoreTest.shouldSupportKeyStoreFormat(KeyStoreCredentialStoreTest.java:137)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:508)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:367)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:274)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:161)
	at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:290)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:242)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:121)
Caused by: java.security.UnrecoverableKeyException: Get Key failed: 1.2.840.113549.1.7.1 SecretKeyFactory not available
	at java.security.KeyStore.getEntry(KeyStore.java:1532)
	at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:462)
	... 10 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.7.1 SecretKeyFactory not available
	... 12 more

[1] https://github.com/wildfly-security/wildfly-elytron/pull/661/commits/72967600a98dee832e151ff8f6fb64af0a84bd14#diff-faa6b27609575ef29472bcc75c87eb36R87

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

oracle_java_1.8.0.77_trace
17 kB
2018/04/19 11:27 AM

Issue Links

is caused by

ELY-1427 Credential store type PKCS12 works fine when using OracleJDK and OpenJDK but doesn't work using IBM JDK.

Resolved

relates to

ELY-1469 Create profile for running only tests which are stable on all platforms

Resolved

Activity

People

Assignee:: Priyanka Pandey

Reporter:: Peter Palaga

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017/07/20 8:23 AM

Updated:: 2021/10/24 6:18 AM

Resolved:: 2018/01/12 7:44 PM