FULL PRODUCT VERSION :
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
Linux 2.6.9-22.ELsmp #1 SMP Mon Sep 19 18:32:14 EDT 2005 i686 i686 i386 GNU/LInux
A DESCRIPTION OF THE PROBLEM :
A pkcs12 file created with no password cannot be handled by the Sun PKCS12Keystore implementation. The pkcs12 file can be loaded into a keystore but the keystore throws an UnrecoverableKeyException when retrieving a key.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
use a tool like openssl to convert the pem file into a pkcs12 file
e.g. openssl pkcs12 -export -in 10.0.2.81.pem -out 10.0.2.81.p12
javac PKCS12Bug.java
java PKCS12Bug
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
If the file is processed successfully the aliases are written to standard out.
PKCS12 keystore loaded
alias=1
ACTUAL -
PKCS12 keystore loaded
alias=1
Exception in thread "main" java.security.UnrecoverableKeyException: Get Key failed: / by zero
ERROR MESSAGES/STACK TRACES THAT OCCUR :
PKCS12 keystore loaded
alias=1
Exception in thread "main" java.security.UnrecoverableKeyException: Get Key failed: / by zero
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:268)
at java.security.KeyStore.getKey(KeyStore.java:731)
at PKCS12Bug.main(PKCS12Bug.java:30)
Caused by: java.lang.ArithmeticException: / by zero
at com.sun.crypto.provider.SunJCE_ab.a(DashoA12275)
at com.sun.crypto.provider.SunJCE_ab.a(DashoA12275)
at com.sun.crypto.provider.SunJCE_ab.a(DashoA12275)
at com.sun.crypto.provider.SunJCE_ab.a(DashoA12275)
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineInit(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:249)
... 2 more
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
public class PKCS12Bug {
/**
* Entry point for pkcs12 bug.
*
* @param args the command line arguments.
* @throws Exception if something goes wrong.
*/
public static void main(String[] args) throws Exception {
char[] password = null;
KeyStore keyStore = KeyStore.getInstance("PKCS12");
FileInputStream in = null;
try {
in = new FileInputStream("10.0.2.81.p12");
keyStore.load(in, password);
System.out.println("PKCS12 keystore loaded");
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
System.out.println("alias="+alias);
if (keyStore.isKeyEntry(alias)) {
keyStore.getKey(alias, password);
}
}
}
finally {
if (in != null) {
in.close();
}
}
}
}
// The following is the PEM format of the no password pkcs12 file
Bag Attributes
localKeyID: 38 6B EC FA 82 BD 68 CC 62 E7 D3 21 4E FD B4 A5 EA E1 D8 35
subject=/CN=10.0.2.81/OU=Intrusion Management System/O=Sourcefire, Inc./title=estreamer/generationQualifier=client
issuer=/title=InternalCA/CN=Sourcefire3D/OU=Intrusion Management System/O=Sourcefire, Inc.
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIBIjANBgkqhkiG9w0BAQQFADBpMUwwEQYDVQQMEwpJbnRl
cm5hbENBMBMGA1UEAxMMU291cmNlZmlyZTNEMCIGA1UECxMbSW50cnVzaW9uIE1h
bmFnZW1lbnQgU3lzdGVtMRkwFwYDVQQKExBTb3VyY2VmaXJlLCBJbmMuMB4XDTA2
MTEyMTE4MDYxNloXDTE2MTExOTE4MDYxNlowejESMBAGA1UEAxMJMTAuMC4yLjgx
MSQwIgYDVQQLExtJbnRydXNpb24gTWFuYWdlbWVudCBTeXN0ZW0xGTAXBgNVBAoT
EFNvdXJjZWZpcmUsIEluYy4xEjAQBgNVBAwTCWVzdHJlYW1lcjEPMA0GA1UELBMG
Y2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDScFdTOqBHW
ENAcC/qyNpWQGpVHBPVLINc9TgODpRS45kqENkgOGqVrCA5tb6K0Nr9ujO94PgqX
W9hYL94BL523xy67cZuIGE457J7/yOWrIbXgr2WU+g39lKcfqFFvYcRVQq47Am+H
rct+ADLDnh06LfRMFl2U2W6yo+dPTgq518RdDWe6uB/qbqN9EEb1qScC5eIsG0ms
R+i63SYpNoKPHvdKv558GYzXw+ucqEylPeMFHGJ545bnaA4jW7wdy1TQkXFycSAy
QxiXZ6DR6rRIrYteMyerSscsJDFq/lUsFW6Z78g/jD1pPcdQOH3Y9zRCDve7UC3S
y+BmX772awIDAQABoyMwITAJBgNVHRMEAjAAMBQGA1UdEQQNMAuCCTEwLjAuMi44
MTANBgkqhkiG9w0BAQQFAAOCAQEAJq+O1fu3V/cXWOH8DFOUR3iVJBLpVDFnMzfv
g6rn15yIfjXOL4TZq8bp8MFpAPzePQIqzMxU8IpKXcVWqUbvMXGABk/cv36n+BUa
2Y4/VyWiD0UYy72tF3S7sCDaemhxyGDoOwqo2oR/4Zg1p46YRUfoqIfiWlXhaAuq
aF0JWiP/2NhEuMDwd5I5hZGY0JbuEvIG3N7R5zZE9inqXddLfYfOkvnA62XdL52H
yXNPzH/cE/qVbXSpuSUImnytUEnRwHgZqQSeeQjLBQj9VDpYVlQ8qatya/snD7Ef
4+u4u4PtDusRHkzSd+3T9dKDnwTSjybsAul1sqo5/xtEdqu9aA==
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/title=InternalCA/CN=Sourcefire3D/OU=Intrusion Management System/O=Sourcefire, Inc.
issuer=/title=InternalCA/CN=Sourcefire3D/OU=Intrusion Management System/O=Sourcefire, Inc.
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIBADANBgkqhkiG9w0BAQUFADBpMUwwEQYDVQQMEwpJbnRl
cm5hbENBMBMGA1UEAxMMU291cmNlZmlyZTNEMCIGA1UECxMbSW50cnVzaW9uIE1h
bmFnZW1lbnQgU3lzdGVtMRkwFwYDVQQKExBTb3VyY2VmaXJlLCBJbmMuMB4XDTA2
MDMyMzE5NTEyNVoXDTE2MDMyMDE5NTEyNVowaTFMMBEGA1UEDBMKSW50ZXJuYWxD
QTATBgNVBAMTDFNvdXJjZWZpcmUzRDAiBgNVBAsTG0ludHJ1c2lvbiBNYW5hZ2Vt
ZW50IFN5c3RlbTEZMBcGA1UEChMQU291cmNlZmlyZSwgSW5jLjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALQN7lvirMQzOkfO+HRsZ4QrtLYueOQmQJRz
5SF8jCQggyp6Xo2vhyk86xB3ZTKIjgu0P3JZIjAruS7kO5DLY4w9i77weECh2uaF
NcigS3GoeVWKwU4ll+cFc8IXzAqtaNpOMYcfHKY6bF+45SKYA3taebUUvlSgNMcE
Pi3lm8cuRoo1i9Jnf2G8I+IYoVMlXR3a0PJxSFjdLe4qRdKY+JHppminWvjCaVvH
JmPRtD1l9Zf9G7RfqahNchpAjGOgM7rusRf3UW8ra7vt/kxlQEGtsJ5Jqdv4B2CY
9ZjPRfXOPk/Uih3Ai1r8KU9Ojun1HO9KQskb0v5SrMejxo39jmkCAwEAATANBgkq
hkiG9w0BAQUFAAOCAQEAcdukCUxiJMCI0jKChcUb2OjZhByoiga6bQxRICUNGtrk
yuYwPafaFotVJh5MvRnxlOG8r3JtnK789HdP76jEnL+xPCXNZsqULBTvV2G3z4Sg
3RuAVAK94hfFDuFCxgsTPIXqmcYE0K0lu06dCXXIKp8L1EbLyD8aAPwHk1sqyoAT
UYDPu/XwZHA0IP8ynoSzuxsvCAeQgBZBlwIZ5nHqvkfpXh3x71jUfoe78ALTW14v
yu9ssOTj347oUdIa53gGeeKJB4lA/yKiuZlpJNePKW+2QZW+cWj9ro3Jwbnc5JcS
Y7JQ88Tlz+VzOTo49NP4qrHy5LdZj5BcC1QHJxzP5w==
-----END CERTIFICATE-----
Bag Attributes
localKeyID: 38 6B EC FA 82 BD 68 CC 62 E7 D3 21 4E FD B4 A5 EA E1 D8 35
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAxDScFdTOqBHWENAcC/qyNpWQGpVHBPVLINc9TgODpRS45kqE
NkgOGqVrCA5tb6K0Nr9ujO94PgqXW9hYL94BL523xy67cZuIGE457J7/yOWrIbXg
r2WU+g39lKcfqFFvYcRVQq47Am+Hrct+ADLDnh06LfRMFl2U2W6yo+dPTgq518Rd
DWe6uB/qbqN9EEb1qScC5eIsG0msR+i63SYpNoKPHvdKv558GYzXw+ucqEylPeMF
HGJ545bnaA4jW7wdy1TQkXFycSAyQxiXZ6DR6rRIrYteMyerSscsJDFq/lUsFW6Z
78g/jD1pPcdQOH3Y9zRCDve7UC3Sy+BmX772awIDAQABAoIBABBJTauCPqU01dAP
dkSISsK9J3kNaxe+RL41H6GaKRNK5Q44oUDgOkt776Z7jBn4J31j5olMV27O8kFt
c+SFSRPqw5aFCoojnuhllelOSW0jo1DpB/2HMRaQkrwEI1yVZel3opwmWj+Zgmmq
uorJq/Mz+eBWpvo0SmbCCZIRYUPY+qtlfunFsiRyj8Lw10VEpYoprdgk/29G9efh
tnFhC/C8WivzyZ6GjwYVA0gVaX2IncmywDDr0baMZQIS3da2aa3fsLFZCE1FQmkg
baQwQefYbKL/szFigq32m98lhf819PkoUt8SI149F9iWxedyLus12Sl0sZxTGOoP
zNJPRAECgYEA+L2AGimEpuPpJksDT8UR4FRzDttGigYnLy13Khr5pb1/8GkLBqRv
xuKt4kDyMcT/UOhQGj7wATFqeT5cv/z4FgU2H7t64QwgqHHNsC/MCKqeIF7q1sh7
yXqg3pHEuBT+ZKdteMPwdc/mCZen4dQW3ZxDOxgiV10DRhkrUAYDC6kCgYEAye6W
mYNLLPOduJYLXfKNa/miQkLx3V0duiVhFGCxKEhuh7tKHxprz7mxV4fV9ImaWX71
1x2iiSY3LjwlWGDTEh0FKIEtFBwT4fzUX3iu2i/J5kOBXfQw9h7FdraACIYkIpPH
Vwj4zXuREFKcfYjqcnFOL6fgKezrzxcw/6m63fMCgYA7M27/yw3lYq0lDgl1vOOq
Tq8rxAif5SMCWYHZJZ5xUg7XO0kChbSM03qrNOXv7oEN0pzuAjjBL++1d6A/mYe6
RfdByi9OzMIhFSTtYBLhpSoJbk3aXNEJfQQ4tNzrKyP49NhbO9dJUvffJJcyanYe
vIhL0kyqGlsjHe5vF182MQKBgBXaD8oE/zmaE1NKSWidOtiYZwqsm+fMj875BIxj
+kfVrsBZcCf1f/02pw5F0M1ppp5QsuHYfyJAVHBYaeIqeCzZnxlHAU3PzAcEiSbb
tHBAA6U7YOB98F5x7gRus2Q4v+hN/aBZhDMYUBZoGi8rhdNkl4VosUVYMhxy8gZ4
o5QpAoGBAOVM4rar5OL95ey/ovRgyCBvi9nSs0+7mv2pi9GJEhnqnX0243S7ob5N
oNyTkgUAjnm/2/bY2vyv87OylBhFx2dqwOkSyMwm2Iih8mm2Upc/7Ha+qTDTdQl7
bf7jarMgLVHMxOM1Rvkzr/fv3vmxuC805r2tl7uB8fi7Mog+Jqs1
-----END RSA PRIVATE KEY-----
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The original pkcs12 file comes from a third-party tool. The workaround is to supply a password when creating the pkcs12 file from the third-party.