JDK-7132249 : sun/security/pkcs11/KeyStore/ClientAuth.sh failing on Solaris and Linux
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2012-01-22
  • Updated: 2012-01-23
  • Resolved: 2012-01-23
Related Reports
Duplicate :  
JDK-7106773 - 512 bits RSA key cannot work with SHA384 and SHA512
Description
This test is failing on Solaris and Linux with jdk8/tl jobs in JPRT. It's also been failing in the TL nightly testing for the last week or so.

--------------------------------------------------
TEST: sun/security/pkcs11/KeyStore/ClientAuth.sh
JDK under test: (/tmp/jprt/P1/203840.albatem/testproduct/solaris_sparcv9_5.10-product)
java version "1.8.0-internal"
Java(TM) SE Runtime Environment (build 1.8.0-internal-201201212038.albatem.jdk-b00)
Java HotSpot(TM) 64-Bit Server VM (build 23.0-b10, mixed mode)

ACTION: shell -- Failed. Execution failed: exit code 1
REASON: User specified action: run shell ClientAuth.sh 
TIME:   2.437 seconds
messages:
command: shell ClientAuth.sh []
reason: User specified action: run shell ClientAuth.sh 
elapsed time (seconds): 2.437
STDOUT:
TESTSRC=/tmp/jprt/P1/203840.albatem/source/test/sun/security/pkcs11/KeyStore
TESTCLASSES=/tmp/jprt/P1/203840.albatem/source/build/solaris-sparcv9/testoutput/jdk_security3/JTwork/classes/sun/security/pkcs11/KeyStore
TESTJAVA=/tmp/jprt/P1/203840.albatem/testproduct/solaris_sparcv9_5.10-product

Run ClientAuth ...
Beginning test run ClientAuth...
Running test with provider SunPKCS11-nss...
serverPort = 34361
Completed test with provider SunPKCS11-nss (411 ms).
Run ClientAuth TLSv1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Beginning test run ClientAuth...
Running test with provider SunPKCS11-nss...
serverPort = 34363
client also threw:

STDERR:
Note: /tmp/jprt/P1/203840.albatem/source/test/sun/security/pkcs11/KeyStore/../PKCS11Test.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
Client died...
javax.net.ssl.SSLHandshakeException: Error signing certificate verify
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:984)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:282)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:996)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1292)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:683)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:125)
	at ClientAuth.doClientSide(ClientAuth.java:169)
	at ClientAuth$2.run(ClientAuth.java:339)
Caused by: java.security.InvalidKeyException: Key is too short for this signature algorithm
	at sun.security.pkcs11.P11Signature.checkRSAKeyLength(P11Signature.java:345)
	at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:386)
	at java.security.SignatureSpi.engineInitSign(SignatureSpi.java:103)
	at java.security.Signature$Delegate.init(Signature.java:1109)
	at java.security.Signature$Delegate.chooseProvider(Signature.java:1066)
	at java.security.Signature$Delegate.engineInitSign(Signature.java:1139)
	at java.security.Signature.initSign(Signature.java:529)
	at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1548)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:981)
	... 10 more
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1942)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1057)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1292)
	at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:846)
	at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
	at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
	at ClientAuth.doServerSide(ClientAuth.java:119)
	at ClientAuth.startServer(ClientAuth.java:325)
	at ClientAuth.go(ClientAuth.java:251)
	at ClientAuth.main(ClientAuth.java:235)
	at PKCS11Test.premain(PKCS11Test.java:69)
	at PKCS11Test.testNSS(PKCS11Test.java:226)
	at PKCS11Test.main(PKCS11Test.java:79)
	at ClientAuth.main(ClientAuth.java:203)

TEST RESULT: Failed. Execution failed: exit code 1
--------------------------------------------------
The cause of the issue is that we did not integration the signed pkcs11 jars synchronously. Close it as "not a defect".
Comments
EVALUATION The issue here is that there was a delay pushing the signed providers and so several tests were failing with jdk8/tl jobs. These test failures should not be resolved as a result of the push (via 7106773).
23-01-2012