java.security.KeyStore fails to load some PKCS12 stores
Magnus Vojbacke
magnus.vojbacke at digitalroute.com
Tue Dec 14 11:51:06 UTC 2021
We would like java.security.KeyStore to be able to load all PKCS12 stores, like in Oracle JDK or the latest version of OpenJDK.
I would love to see an OpenJDK bug on this and a subsequent fix for OpenJDK 8u. Currently, OpenJDK 8u312 and 8u322 (EA) fail to load some PKCS12 certificates. The same certificates can be loaded by Oracle JDK 8u301 as well as OpenJDK 17 and openssl.
Code to reproduce error: https://gist.github.com/magnusvojbacke/51799be440240afc5235174ae30c7d1c
Run this class with OpenJDK 8u312 and get the following exception:
Error message:
Exception in thread "main" java.io.IOException: keystore password was incorrect
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2079)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at PkcsFail.main(PkcsFail.java:18)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
Run with Oracle JDK 8u301 or OpenJDK 17 and get the "Success" output.