Uploaded image for project: 'Java Couchbase JVM Core'
  1. Java Couchbase JVM Core
  2. JVMCBC-365

ShaSaslClient fails with empty key on some JDKs (bucket w/o passwd)

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.2.5
    • 1.3.4
    • None
    • None
    • Java 6 (openJDK, Apple JVM)

    Description

      This problem affects all versions since 1.2.5, when using Java 6 and an unprotected bucket is used.

      The JDK 6 (at least OpenJDK, as seen from sources, and Apple JVM, as seen from execution) implementation of HmacCore fails with an InvalidKeyException ("Missing key data").

      Caused by: java.security.InvalidKeyException: Missing key data
      	at com.sun.crypto.provider.HmacCore.a(DashoA13*..)
      	at com.sun.crypto.provider.HmacCore$HmacSHA512.engineInit(DashoA13*..)
      	at javax.crypto.Mac.a(DashoA13*..)
      	at javax.crypto.Mac.init(DashoA13*..)
      	at com.couchbase.client.core.security.sasl.ShaSaslClient.pbkdf2(ShaSaslClient.java:256)
      

      It seems that accepting emtpy keys was only added in OpenJDK 7

      http://grepcode.com/file_/repository.grepcode.com/java/root/jdk/openjdk/7u40-b43/com/sun/crypto/provider/HmacCore.java/?v=diff&id2=6-b14#119

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          Note that this only happens if a bucket without a password is used, since only then the key on init can be empty.

          daschl Michael Nitschinger added a comment - Note that this only happens if a bucket without a password is used, since only then the key on init can be empty.

          People

            daschl Michael Nitschinger
            simonbasle Simon Baslé (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty