On 13/05/2022 10:15, Mark Thomas wrote:
To add my results:
Linux
- Oracle 1.8.0
- 321 passes
- 331 passes
- 333 passes
- Temurin 1.8.0
- 312 fails
- 332 fails
- Temurin 11
- 11.0.15 passes
Adding these to Rainer's results, it looks like this feature depends on
something in Java 8 that is Oracle specific and not part of the open
source distributions until Java 11 (or maybe 9).
I'll see if I can figure out exactly what is going wrong and if there is
a way to get this working with the open source Java 8 releases.
This looks like a bug to me.
With Temurin JDK 8 302_b08 the test fails at line 204 with:
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag
= 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:285)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:320)
at
com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:151)
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:133)
t sun.security.x509.AlgorithmId.parse(AlgorithmId.java:413)
at
javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:204)
With Temurin JDK 8 302_b08 the test fails at line 212 with:
java.security.spec.InvalidKeySpecException: Cannot retrieve the
PKCS8EncodedKeySpec
at
javax.crypto.EncryptedPrivateKeyInfo.getKeySpec(EncryptedPrivateKeyInfo.java:258)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:212)
The issue is that the wrong algorithm is identified. It should be
PBEWithHmacSHA256AndAES_256 but the Temurin JDK selects
PBEWithHmacSHA1AndAES_256.
I think things are going wrong back at line 204. I'm still digging for
the root cause.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org