Work around https://bugs.openjdk.java.net/browse/JDK-8156584

sun.security.x509.AlgorithmId.get(String) isn't thread-safe and can lead to null be returned for an algorithm that should be present. This commit aims to work around this problem by avoiding the call to AlgorithmId.get(String). It does so by configuring the PKCS12 key protection algorithm to one that starts with pbewithhmacsha (case insensitive). This short-circuits the logic in PKCS12KeyStore.mapPBEAlgorithmToOID(String) and avoids the call to AlgorithmId.get(String). Thanks again to @dreis2211 for the suggestion. The work around is only used when building with Java 8 as the problem was fixed in Java 9. Closes gh-26252

Work around https://bugs.openjdk.java.net/browse/JDK-8156584
sun.security.x509.AlgorithmId.get(String) isn't thread-safe and can lead to null be returned for an algorithm that should be present. This commit aims to work around this problem by avoiding the call to AlgorithmId.get(String). It does so by configuring the PKCS12 key protection algorithm to one that starts with pbewithhmacsha (case insensitive). This short-circuits the logic in PKCS12KeyStore.mapPBEAlgorithmToOID(String) and avoids the call to AlgorithmId.get(String). Thanks again to @dreis2211 for the suggestion. The work around is only used when building with Java 8 as the problem was fixed in Java 9. Closes gh-26252
912c82e5 · Andy Wilkinson · a470c1af · 912c82e5 · 912c82e5
Commit 912c82e5 authored Apr 27, 2021 by Andy Wilkinson
Showing with 10 additions and 0 deletions

JavaConventions.java .../java/org/springframework/boot/build/JavaConventions.java +9 -0

jdk-8156584-security.properties buildSrc/src/main/resources/jdk-8156584-security.properties +1 -0

No files found.
--- a/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java
+++ b/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java
@@ -28,6 +28,7 @@ import java.util.stream.Collectors;

 import io.spring.javaformat.gradle.FormatTask;
 import io.spring.javaformat.gradle.SpringJavaFormatPlugin;
+import org.gradle.api.JavaVersion;
 import org.gradle.api.Project;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.ConfigurationContainer;
@@ -141,6 +142,10 @@ class JavaConventions {
 			withOptionalBuildJavaHome(project, (javaHome) -> test.setExecutable(javaHome + "/bin/java"));
 			test.useJUnitPlatform();
 			test.setMaxHeapSize("1024M");
+			if (buildingWithJava8(project)) {
+				test.systemProperty("java.security.properties",
+						getClass().getClassLoader().getResource("jdk-8156584-security.properties"));
+			}
 		});
 		project.getPlugins().withType(JavaPlugin.class, (javaPlugin) -> project.getDependencies()
 				.add(JavaPlugin.TEST_RUNTIME_ONLY_CONFIGURATION_NAME, "org.junit.platform:junit-platform-launcher"));
@@ -153,6 +158,10 @@ class JavaConventions {
 				}));
 	}

+	private boolean buildingWithJava8(Project project) {
+		return (!project.hasProperty("buildJavaHome")) && JavaVersion.current() == JavaVersion.VERSION_1_8;
+	}
+
 	private boolean isCi() {
 		return Boolean.parseBoolean(System.getenv("CI"));
 	}

--- a/buildSrc/src/main/resources/jdk-8156584-security.properties
+++ b/buildSrc/src/main/resources/jdk-8156584-security.properties
+keystore.pkcs12.keyProtectionAlgorithm=PBEWithHmacSHA256AndAES_256
\ No newline at end of file