Bug 21614 - Keyring file cannot be read using IBM 1.4.0 JRE
Summary: Keyring file cannot be read using IBM 1.4.0 JRE
Status: RESOLVED FIXED
Alias: None
Product: Platform
Classification: Eclipse Project
Component: Resources (show other bugs)
Version: 2.0   Edit
Hardware: All Windows 2000
: P3 major (vote)
Target Milestone: 2.0.1   Edit
Assignee: DJ Houghton CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-07-16 07:33 EDT by Tim Ellison CLA
Modified: 2002-07-18 17:12 EDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Ellison CLA 2002-07-16 07:33:46 EDT 
Build R2.0

Eclipse fails to read the .keyring file containing CVS passwords when running 
on IBM JDK 1.4.0, and leaves it corrupted, as follows:

java.io.IOException: SHA1PRNG SecureRandom not available
  at org.eclipse.core.internal.runtime.CipherInputStream.read
(CipherInputStream.java:71)
  at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2138)
  at java.io.ObjectInputStream$PeekInputStream.readFully
(ObjectInputStream.java:2151)
  at java.io.ObjectInputStream$BlockDataInputStream.readShort
(ObjectInputStream.java:2622)
  at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:729)
  at java.io.ObjectInputStream.<init>(ObjectInputStream.java:254)
  at org.eclipse.core.internal.runtime.AuthorizationDatabase.load
(AuthorizationDatabase.java:260)
  at org.eclipse.core.internal.runtime.AuthorizationDatabase.load
(AuthorizationDatabase.java:248)
  at org.eclipse.core.internal.runtime.AuthorizationDatabase.<init>
(AuthorizationDatabase.java:73)
  at org.eclipse.core.internal.runtime.InternalPlatform.loadKeyring
(InternalPlatform.java:589)


The code fails because there is a hard coded reference to a Sun implementation 
of a random number stream "SHA1PRNG" (see 
org.eclipse.core.internal.runtime.Cipher#nextRandom(int)) that is unavailable 
by default in IBM's JRE.

The code should not reference a particular algorithm.

A work around is to add the following line to jre/lib/security/java.security:
security.provider.5=sun.security.provider.Sun
Comment 1 John Arthorne CLA 2002-07-16 10:56:32 EDT 
SHA1PRNG is listed as a standard algorithm name in the Java 2 SDK Security API 
(Appendix A).  That spec states that the algorithm names in that appendix are 
the standard required names.  Shouldn't all compliant JREs have that algorithm 
available?  It is available in IBM JRE 1.3 and in J9.

Since SHA1PRNG is the only specified algorithm name, the only alternative is to 
use the default constructor of SecureRandom.  The only problem with using it is 
that we won't know what algorithm is used.  This means the keyring file will 
probably never be portable across VMs.  It might also be difficult for export 
control requirements which require us to specify what encryption algorithms are 
used in the product.
Comment 2 John Arthorne CLA 2002-07-18 16:50:24 EDT 
I have released a fix to the HEAD (2.1) stream.  We're now using our own secure 
number generator based on SHA-1.  This also fixes our long-standing problem that 
SHA1PRNG produced a different bit stream on J9, thus .keyring files were never 
portable between J9 and non-J9 VMs.

We should consider as a 2.0.1 candidate.
Comment 3 Kevin McGuire CLA 2002-07-18 17:01:36 EDT 
I agree this should be 2.0.1.