Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSV Audit Tests Fail with "Invalid secret key format" on JDK 8 with -DforkCount=0 #16

Open
Kortanul opened this issue Dec 2, 2018 · 0 comments
Open

CSV Audit Tests Fail with "Invalid secret key format" on JDK 8 with -DforkCount=0 #16

Kortanul opened this issue Dec 2, 2018 · 0 comments

Comments

@Kortanul
Copy link
Member

Kortanul commented Dec 2, 2018
edited
Loading

Affected Versions

  • feature/fixes-for-22.x-jdk-8-builds

Build Environment

  • Ubuntu 18.04.1 LTS
  • Ubuntu Linux 4.15.0-39-generic Upgrade wrensec-guava to 18.0.5. #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
  • Apache Maven 3.5.2

Steps to Reproduce

  1. Switch to Java 8u171 or later.
  2. Check out wrensec-commons on the feature/fixes-for-22.x-jdk-8-builds branch (currently at b27bc0d).:
  3. Attempt to build CSV audit with mvn clean install -DignoreArtifactSigs -DforkCount=0 -pl audit/forgerock-audit-handler-csv.

Expected Results

  • Project builds successfully.
  • Tests complete successfully.

Actual Results

Tests fail with the following errors:

Dec 02, 2018 10:19:22 PM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
[main] ERROR org.forgerock.security.keystore.KeyStoreBuilder - Error loading keystore
java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.forgerock.security.keystore.KeyStoreBuilder.build(KeyStoreBuilder.java:253)
        at org.forgerock.audit.secure.JcaKeyStoreHandler.init(JcaKeyStoreHandler.java:74)
        at org.forgerock.audit.secure.JcaKeyStoreHandler.<init>(JcaKeyStoreHandler.java:59)
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.cleanupKeystore(SecureCsvWriterTest.java:96)
[ERROR] Tests run: 37, Failures: 7, Errors: 0, Skipped: 13, Time elapsed: 4.89 s <<< FAILURE! - in TestSuite
[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.061 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.017 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.018 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.012 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldVerifyValidFile(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.016 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldVerifyValidFile(CsvSecureVerifierTest.java:46)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldVerifyValidFile(CsvSecureVerifierTest.java:46)

[ERROR] setup(org.forgerock.audit.handlers.csv.CsvWriterTest)  Time elapsed: 0.036 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvWriterTest.setup(CsvWriterTest.java:58)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvWriterTest.setup(CsvWriterTest.java:58)

[ERROR] beforeMethod(org.forgerock.audit.handlers.csv.SecureCsvWriterTest)  Time elapsed: 0.148 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.cleanupKeystore(SecureCsvWriterTest.java:96)
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.beforeMethod(SecureCsvWriterTest.java:76)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.cleanupKeystore(SecureCsvWriterTest.java:96)
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.beforeMethod(SecureCsvWriterTest.java:76)

[INFO]
[INFO] Results:
[INFO]
[ERROR] Failures:
[ERROR] org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)
[ERROR]   Run 1: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[ERROR]   Run 2: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[ERROR]   Run 3: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[ERROR]   Run 4: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[INFO]
[ERROR]   CsvSecureVerifierTest.shouldVerifyValidFile:46 ▒ IllegalState Unable to load k...
[ERROR] org.forgerock.audit.handlers.csv.CsvWriterTest.setup(org.forgerock.audit.handlers.csv.CsvWriterTest)
[ERROR]   Run 1: CsvWriterTest.setup:58 ▒ IllegalState Unable to load keystore
[INFO]   Run 2: PASS
[INFO]   Run 3: PASS
[INFO]   Run 4: PASS
[INFO]
[ERROR] org.forgerock.audit.handlers.csv.SecureCsvWriterTest.beforeMethod(org.forgerock.audit.handlers.csv.SecureCsvWriterTest)
[ERROR]   Run 1: SecureCsvWriterTest.beforeMethod:76->cleanupKeystore:96 ▒ IllegalState Unable ...
[INFO]   Run 2: PASS
[INFO]   Run 3: PASS
[INFO]
[INFO]
[ERROR] Tests run: 29, Failures: 4, Errors: 0, Skipped: 8

Additional Notes

This appears to be related to the class loader being used by the parent Maven process vs. the class loader that Surefire uses.

Other users of JDK 8 have seen similar issues: https://stackoverflow.com/questions/50393533/java-io-ioexception-invalid-secret-key-format-when-opening-jceks-key-store-wi

Known Workarounds

  • If debugging the tests, run them directly through IntelliJ; OR
  • Run the tests in parallel (the default for Surefire) by not using -DforkCount=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Kortanul