View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0018173 | CentOS-8 | java | public | 2021-04-27 16:05 | 2021-04-27 16:57 |
Reporter | robmv | Assigned To | |||
Priority | high | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 8.3.2011 | ||||
Summary | 0018173: Java 1.8.0.292.b10-0.el8_3 update breaks Wildfly based applications using PKCS12 keystores | ||||
Description | Java 1.8.0.282.b08-2.el8_3 update breaks Wildfly based applications (running a privately maintained copy of Wildfly 17) when the TLS keystore is located in a PKCS12 file. The exception thrown is:
java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
    at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
    at sun.security.pkcs12.PKCS12KeyStore.engineSetEntry(PKCS12KeyStore.java:1384)
    at java.security.KeyStore.setEntry(KeyStore.java:1557)
    at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:135)
    ... 11 more
Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
    at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
    at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
    ... 14 more
Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
    at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
    at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
    at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
    ... 15 more | ||||
Steps To Reproduce | 
1- Install Wildfly 17.0.1
2- Configure a TLS PKCS12 keystore
3- Start Wildfly
4- The exception is shown
5- Revert to 1.8.0.282.b08-2.el8_3 and the problem is not triggered anymore
Tried with the LEGACY crypto policy, just in case the DEFAULT policy was made stronger, but it didn't fix it for 1.8.0.282.b08-2.el8_3 | ||||
Additional Information | Testing with AdoptOpenJDK version jdk8u292-b10 triggers the error too, so it shouldn't be a Red Hat provided patch. A simple Java example like the following doesn't trigger the problem, so it is something more complex that Wildfly is doing that triggers this backward incompatible change. This bug should affect Red Hat Enterprise Linux 8 too; is it wise to report it to RH Bugzilla?
----------------------------------------------------------------------
import java.io.FileInputStream;
import java.security.KeyStore;

public class Test {
    // arg[0] PKCS12 file path, arg[1] password. Not validated for simplicity.
    public static void main(String[] args) {
        char[] pwd = args[1].toCharArray();
        // try-with-resources closes the keystore file after loading
        try (FileInputStream in = new FileInputStream(args[0])) {
            KeyStore store = KeyStore.getInstance("PKCS12");
            store.load(in, pwd);
            KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pwd);
            // Only reads (decrypts) the entry stored under "alias"
            store.getEntry("alias", pp);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
----------------------------------------------------------------------
| ||||
Tags | No tags attached. | ||||
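
The simple test in the report only loads the keystore and reads an entry, while the stack trace fails in `KeyStore.setEntry`, which re-encrypts the private key. The following is an added diagnostic, not the reporter's code and not WildFly's `FileKeystore`; the class name `SetEntryCheck` is hypothetical, and it assumes only the `load` / `getEntry` / `setEntry` sequence visible in the trace. It makes no claim about whether a given JDK build will fail.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not code from the issue.
// Usage: java SetEntryCheck <PKCS12 file> <password>
public class SetEntryCheck {

    // Copies every key entry from src into a new in-memory PKCS12 store.
    // setEntry() is the call that re-encrypts the private key, i.e. the
    // setKeyEntry/encryptPrivateKey frames in the reported stack trace.
    static int copyKeyEntries(KeyStore src, char[] pwd) throws Exception {
        KeyStore dst = KeyStore.getInstance("PKCS12");
        dst.load(null, null); // initialise an empty keystore
        KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pwd);
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) {
                continue; // certificate-only entries are not password-encrypted
            }
            KeyStore.Entry entry = src.getEntry(alias, pp); // decrypt path
            dst.setEntry(alias, entry, pp);                 // encrypt path
            copied++;
        }
        return copied;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // Listed so the output can be compared with the provider list
        // seen inside the application server's JVM.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " " + p.getVersion());
        }
        char[] pwd = args[1].toCharArray();
        KeyStore src = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            src.load(in, pwd);
        }
        System.out.println("key entries copied: " + copyKeyEntries(src, pwd));
    }
}
```

Running it under both Java builds named in the report against the same PKCS12 file shows whether the encrypt path alone behaves differently outside the application server.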