You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Freeman Yue Fang (Jira)" <ji...@apache.org> on 2021/09/16 00:49:00 UTC

[jira] [Commented] (CAMEL-16959) tests in camel-crypto failed with JDK17

    [ https://issues.apache.org/jira/browse/CAMEL-16959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415815#comment-17415815 ] 

Freeman Yue Fang commented on CAMEL-16959:
------------------------------------------

Currently the test is using keystore ecdsa.jks, which use elliptic curves(EC) sect409r1 [NIST B-409] (1.3.132.0.37) , and sect409r1 is removed from the SunEC provider since JDK16. SunEC will continue to support curves secp256r1, secp384r1, secp521r1, x25519, x448, ed25519, and ed448, so if we generate keystore with supported elliptic curves(such as secp384r1), we should be good with JDK17

and this cli
keytool -genkeypair -keyalg EC -groupname secp384r1  -alias ECDSA -keystore ecdsa.jks -storepass security -validity 1600
seems can fix the broken test.
The parameter "-groupname secp384r1 " matters here



> tests in camel-crypto failed with JDK17
> ---------------------------------------
>
>                 Key: CAMEL-16959
>                 URL: https://issues.apache.org/jira/browse/CAMEL-16959
>             Project: Camel
>          Issue Type: Sub-task
>          Components:  camel-crypto
>            Reporter: Freeman Yue Fang
>            Assignee: Freeman Yue Fang
>            Priority: Major
>
> we can see from the log
> {code}
> java.security.SignatureException: java.security.InvalidAlgorithmParameterException: Legacy SunEC curve disabled:  sect409r1 [NIST B-409] (1.3.132.0.37)
>         at sun.security.ec.ECDSASignature.engineSign(ECDSASignature.java:472) ~[jdk.crypto.ec:?]
>         at java.security.Signature$Delegate.engineSign(Signature.java:1424) ~[?:?]
>         at java.security.Signature.sign(Signature.java:713) ~[?:?]
>         at org.apache.camel.component.crypto.processor.SigningProcessor.process(SigningProcessor.java:42) ~[classes/:?]
>         at org.apache.camel.component.crypto.DigitalSignatureProducer.process(DigitalSignatureProducer.java:37) ~[classes/:?]
>         at org.apache.camel.support.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:66) ~[camel-support-3.12.0-SNAPSHOT.jar:3.12.0-SNAPSHOT]
>         at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:172) ~[camel-core-processor-3.12.0-SNAPSHOT.jar:3.12.0-SNAPSHOT]
>         at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.run(RedeliveryErrorHandler.java:469) ~[camel-core-processor-3.12.0-SNAPSHOT.jar:3.12.0-SNAPSHOT]
> {code}
> this error actually exists since JDK16, and I believe this is caused by the JDK change(Remove the legacy elliptic curves) tracked by
> https://bugs.openjdk.java.net/browse/JDK-8251547



--
This message was sent by Atlassian Jira
(v8.3.4#803005)