Issue2770

classification
Title: PBKDF-OpenSSL SecretKeyFactory not available on Java 7
Type: crash Severity: normal
Components: Versions: Jython 2.7
Milestone:
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: jeff.allen, zyasoft
Priority: low Keywords: test failure causes

Created on 2019-05-12.06:20:59 by jeff.allen, last changed 2019-05-12.06:20:59 by jeff.allen.

Messages
msg12504 (view) Author: Jeff Allen (jeff.allen) Date: 2019-05-12.06:20:58
I updated the JARs for BouncyCastle from 1.57 to 1.61 (see #2742), but now I get a regression on Java 7 (but not 8 or later). At the moment, I don't understand why, so will add a skip citing this issue.

I'm making this a low priority while it has only been observed for Java 7.

The new failure as follows:

======================================================================
ERROR: test_load_cert_chain (__main__.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "D:\hg\jython-int\dist\Lib\test\test_ssl.py", line 820, in test_load_cert_chain
    ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)
  File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain
    self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
  File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain
    self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 123, in _get_openssl_key_manager
    _certs, _private_key = _extract_certs_for_paths([cert_file], password)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 220, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 239, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
    key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
    key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
PEMException: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available

This looks identical to #2594, the resolution of which I never really understood. (The JARs are on the classpath: from where else would one get a org.bouncycastle.openssl.PEMException?)

There's already a version-sensitive part to this test, making a special case of versions less than 9. This tweak is before we reach the new failure, and it doesn't seem to be about quite the same thing. But this I don't understand this tweak either, and removing does not cause failures, although it may have previously.
History
Date User Action Args
2019-05-12 06:20:59jeff.allencreate