sun.security.x509.AlgorithmId.get(String) isn't thread-safe and can
lead to null be returned for an algorithm that should be present.

This commit aims to work around this problem by avoiding the call
to AlgorithmId.get(String). It does so by configuring the
PKCS12 key protection algorithm to one that starts with
pbewithhmacsha (case insensitive). This short-circuits the logic
in PKCS12KeyStore.mapPBEAlgorithmToOID(String) and avoids the call to
AlgorithmId.get(String). Thanks again to @dreis2211 for the
suggestion.

The work around is only used when building with Java 8 as the problem
was fixed in Java 9.

Closes gh-26252
pull/27078/head
Andy Wilkinson 4 years ago
parent a470c1af3a
commit 912c82e50d

@ -28,6 +28,7 @@ import java.util.stream.Collectors;
import io.spring.javaformat.gradle.FormatTask; import io.spring.javaformat.gradle.FormatTask;
import io.spring.javaformat.gradle.SpringJavaFormatPlugin; import io.spring.javaformat.gradle.SpringJavaFormatPlugin;
import org.gradle.api.JavaVersion;
import org.gradle.api.Project; import org.gradle.api.Project;
import org.gradle.api.artifacts.Configuration; import org.gradle.api.artifacts.Configuration;
import org.gradle.api.artifacts.ConfigurationContainer; import org.gradle.api.artifacts.ConfigurationContainer;
@ -141,6 +142,10 @@ class JavaConventions {
withOptionalBuildJavaHome(project, (javaHome) -> test.setExecutable(javaHome + "/bin/java")); withOptionalBuildJavaHome(project, (javaHome) -> test.setExecutable(javaHome + "/bin/java"));
test.useJUnitPlatform(); test.useJUnitPlatform();
test.setMaxHeapSize("1024M"); test.setMaxHeapSize("1024M");
if (buildingWithJava8(project)) {
test.systemProperty("java.security.properties",
getClass().getClassLoader().getResource("jdk-8156584-security.properties"));
}
}); });
project.getPlugins().withType(JavaPlugin.class, (javaPlugin) -> project.getDependencies() project.getPlugins().withType(JavaPlugin.class, (javaPlugin) -> project.getDependencies()
.add(JavaPlugin.TEST_RUNTIME_ONLY_CONFIGURATION_NAME, "org.junit.platform:junit-platform-launcher")); .add(JavaPlugin.TEST_RUNTIME_ONLY_CONFIGURATION_NAME, "org.junit.platform:junit-platform-launcher"));
@ -153,6 +158,10 @@ class JavaConventions {
})); }));
} }
private boolean buildingWithJava8(Project project) {
return (!project.hasProperty("buildJavaHome")) && JavaVersion.current() == JavaVersion.VERSION_1_8;
}
private boolean isCi() { private boolean isCi() {
return Boolean.parseBoolean(System.getenv("CI")); return Boolean.parseBoolean(System.getenv("CI"));
} }

@ -0,0 +1 @@
keystore.pkcs12.keyProtectionAlgorithm=PBEWithHmacSHA256AndAES_256
Loading…
Cancel
Save