Bug ID: JDK-8231598 keytool does not export sun.security.mscapi

JDK-8231598 : keytool does not export sun.security.mscapi

Type: Bug
Component: security-libs
Sub-Component: javax.crypto
Affected Version: 9,11,13,14

Priority: P3
Status: Resolved
Resolution: Fixed
OS: windows_10
CPU: x86_64

Submitted: 2019-09-27
Updated: 2020-02-06
Resolved: 2019-10-24

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 14
14 b21Fixed

Related Reports

Relates :

JDK-8130302 - Add -addprovider option to jarsigner and keytool

Description

ADDITIONAL SYSTEM INFORMATION :
openjdk-13_windows-x64_bin on Win 10

A DESCRIPTION OF THE PROBLEM :
Using openjdk-13_windows-x64_bin on Win 10
When running keytool and SunMSCAPI their is a module bug.

>keytool -list -keystore NONE -storetype Windows-MY -providerClass sun.security.mscapi.SunMSCAPI -v
keytool error: java.lang.Exception: Provider "sun.security.mscapi.SunMSCAPI" not found
java.lang.Exception: Provider "sun.security.mscapi.SunMSCAPI" not found
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:815)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
Caused by: java.lang.IllegalAccessException: class sun.security.tools.KeyStoreUtil (in module java.base) cannot access class sun.security.mscapi.SunMSCAPI (in module jdk.crypto.mscapi) because module jdk.crypto.mscapi does not export sun.security.mscapi to module java.base
        at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:361)
        at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:591)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/sun.security.tools.KeyStoreUtil.loadProviderByClass(KeyStoreUtil.java:320)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:805)
        ... 2 more

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
>keytool -list -keystore NONE -storetype Windows-MY -providerClass sun.security.mscapi.SunMSCAPI -v

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
List all certificates in windows cert store
ACTUAL -
keytool error: java.lang.Exception: Provider "sun.security.mscapi.SunMSCAPI" not found
java.lang.Exception: Provider "sun.security.mscapi.SunMSCAPI" not found
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:815)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
Caused by: java.lang.IllegalAccessException: class sun.security.tools.KeyStoreUtil (in module java.base) cannot access class sun.security.mscapi.SunMSCAPI (in module jdk.crypto.mscapi) because module jdk.crypto.mscapi does not export sun.security.mscapi to module java.base
        at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:361)
        at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:591)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/sun.security.tools.KeyStoreUtil.loadProviderByClass(KeyStoreUtil.java:320)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:805)
        ... 2 more

FREQUENCY : always

Comments

URL: https://hg.openjdk.java.net/jdk/jdk/rev/ea153023d832 User: weijun Date: 2019-10-24 08:11:06 +0000

24-10-2019

Back in JDK-8130302 when we added the -addprovider option to keytool (after modularization), we realized the -providerclass option will not work for modularized providers. We also added an automatic translation from "-providerclass sun.security.pkcs11.SunPKCS11" to "-addprovider SunPKCS11". We didn't do the same for SunMSCAPI because it has no argument and therefore does not need to be explicitly added at all. From this bug report it looks like some people is really using it. A similar translation will be added as well but one can simply remove the -providerClass option to make it work, i.e. "keytool -list -keystore NONE -storetype Windows-MY -v".

14-10-2019

This is regression, this works fine in 8, where as from 9 GA onwards it started failing with below error. == C:\Users\fmatte>"c:\Users\fmatte\JAVA\jdk9\jdk-9-ea+181\bin\keytool.exe" -list -keystore NONE -storetype Windows-MY -providerClass sun.security.mscapi.SunMSCAPI -v keytool error: java.lang.Exception: Provider "sun.security.mscapi.SunMSCAPI" not found java.lang.Exception: Provider "sun.security.mscapi.SunMSCAPI" not found at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:790) at java.base/sun.security.tools.keytool.Main.run(Main.java:389) at java.base/sun.security.tools.keytool.Main.main(Main.java:382) Caused by: java.lang.IllegalAccessException: class sun.security.tools.KeyStoreUtil (in module java.base) cannot access class sun.security.mscapi.SunMSCAPI (in module jdk.crypto.mscapi) because module jdk.crypto.mscapi does not export sun.security.mscapi to module java.base at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:361) at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:589) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:479) at java.base/sun.security.tools.KeyStoreUtil.loadProviderByClass(KeyStoreUtil.java:319) at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:780) ... 2 more C:\Users\fmatte> == Regression started from 9 ea b111, 9 ea b112 or 9 ea b113, no significant changes in langtools, moving to security-libs Looks like JDK-6483657

27-09-2019