Re: RFR: 8343622: AesDkCrypto.stringToKey should not return null [v2]

Wed, 04 Dec 2024 05:59:41 -0800 

On Tue, 5 Nov 2024 15:51:58 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> When an exception happens inside these stringToKey() methods, it returns a 
>> null. This would lead to unexpected NPE some time in the future.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   let it throw NSAE

In my test (where certain required security providers have been removed), the 
exception thrown is

java.lang.IllegalArgumentException: PBKDF2WithHmacSHA1 SecretKeyFactory not 
available
        at 
java.security.jgss/javax.security.auth.kerberos.KeyImpl.<init>(KeyImpl.java:99)
        at 
java.security.jgss/javax.security.auth.kerberos.KerberosKey.<init>(KerberosKey.java:150)
        ...

I can change `throw new IllegalArgumentException(e.getMessage())` to `throw new 
IllegalArgumentException("key creation error", e)` in `KeyImpl.<init>` and it 
will be

java.lang.IllegalArgumentException: key creation error
        at 
java.security.jgss/javax.security.auth.kerberos.KeyImpl.<init>(KeyImpl.java:99)
        at 
java.security.jgss/javax.security.auth.kerberos.KerberosKey.<init>(KerberosKey.java:150)
        ...
Caused by: KrbException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
        at 
java.security.jgss/sun.security.krb5.EncryptionKey.stringToKey(EncryptionKey.java:268)
        at 
java.security.jgss/sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:317)
        at 
java.security.jgss/javax.security.auth.kerberos.KeyImpl.<init>(KeyImpl.java:94)
        ... 6 more
Caused by: java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1 
SecretKeyFactory not available
        at 
java.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:116)
        at 
java.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:162)
        at 
java.security.jgss/sun.security.krb5.internal.crypto.dk.AesDkCrypto.PBKDF2(AesDkCrypto.java:482)
        at 
java.security.jgss/sun.security.krb5.internal.crypto.dk.AesDkCrypto.stringToKey(AesDkCrypto.java:129)
        at 
java.security.jgss/sun.security.krb5.internal.crypto.dk.AesDkCrypto.stringToKey(AesDkCrypto.java:110)
        at 
java.security.jgss/sun.security.krb5.internal.crypto.Aes128.stringToKey(Aes128.java:46)
        at 
java.security.jgss/sun.security.krb5.EncryptionKey.stringToKey(EncryptionKey.java:251)
        ... 8 more

This will be more useful.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/21908#issuecomment-2517479736

Reply via email to