Details
-
Bug
-
Resolution: Fixed
-
Critical
-
1.2.5
-
None
-
None
-
Java 6 (openJDK, Apple JVM)
Description
This problem affects all versions since 1.2.5, when using Java 6 and an unprotected bucket is used.
The JDK 6 (at least OpenJDK, as seen from sources, and Apple JVM, as seen from execution) implementation of HmacCore fails with an InvalidKeyException ("Missing key data").
Caused by: java.security.InvalidKeyException: Missing key data
|
at com.sun.crypto.provider.HmacCore.a(DashoA13*..)
|
at com.sun.crypto.provider.HmacCore$HmacSHA512.engineInit(DashoA13*..)
|
at javax.crypto.Mac.a(DashoA13*..)
|
at javax.crypto.Mac.init(DashoA13*..)
|
at com.couchbase.client.core.security.sasl.ShaSaslClient.pbkdf2(ShaSaslClient.java:256)
|
It seems that accepting emtpy keys was only added in OpenJDK 7