Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] CertificateToolTests testHandleLongPasswords failing #75952

Closed
hendrikmuhs opened this issue Aug 2, 2021 · 3 comments
Closed

[CI] CertificateToolTests testHandleLongPasswords failing #75952

hendrikmuhs opened this issue Aug 2, 2021 · 3 comments
Assignees
@tvernum
Labels
:Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI

Comments

@hendrikmuhs
Copy link

Build scan:
https://gradle-enterprise.elastic.co/s/iiklryphush4o/tests/:x-pack:plugin:security:cli:test/org.elasticsearch.xpack.security.cli.CertificateToolTests/testHandleLongPasswords

Reproduction line:
./gradlew ':x-pack:plugin:security:cli:test' --tests "org.elasticsearch.xpack.security.cli.CertificateToolTests.testHandleLongPasswords" -Dtests.seed=7FB5BB3D2F879153 -Dtests.locale=und -Dtests.timezone=Europe/Astrakhan -Druntime.java=8

Applicable branches:
7.x

Reproduces locally?:
Yes

Failure history:
https://gradle-enterprise.elastic.co/scans/tests?tests.container=org.elasticsearch.xpack.security.cli.CertificateToolTests&tests.test=testHandleLongPasswords

Failure excerpt:

java.security.KeyStoreException: Key protection  algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede

  at __randomizedtesting.SeedInfo.seed([7FB5BB3D2F879153:C75949AD03BC58F]:0)
  at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
  at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
  at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
  at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$writePkcs12$5(CertificateTool.java:562)
  at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:998)
  at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:86)
  at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.writePkcs12(CertificateTool.java:560)
  at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.lambda$writeCertificateAuthority$1(CertificateTool.java:907)
  at org.elasticsearch.xpack.security.cli.CertificateTool.fullyWriteFile(CertificateTool.java:1056)
  at org.elasticsearch.xpack.security.cli.CertificateTool.access$500(CertificateTool.java:86)
  at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.writeCertificateAuthority(CertificateTool.java:906)
  at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.execute(CertificateTool.java:897)
  at org.elasticsearch.xpack.security.cli.CertificateToolTests.testHandleLongPasswords(CertificateToolTests.java:441)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:498)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1750)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:938)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:974)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:988)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:817)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:468)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:947)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:832)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:883)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:894)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
  at java.lang.Thread.run(Thread.java:748)

  Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede

    at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
    at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
    at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$writePkcs12$5(CertificateTool.java:562)
    at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:998)
    at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:86)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.writePkcs12(CertificateTool.java:560)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.lambda$writeCertificateAuthority$1(CertificateTool.java:907)
    at org.elasticsearch.xpack.security.cli.CertificateTool.fullyWriteFile(CertificateTool.java:1056)
    at org.elasticsearch.xpack.security.cli.CertificateTool.access$500(CertificateTool.java:86)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.writeCertificateAuthority(CertificateTool.java:906)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.execute(CertificateTool.java:897)
    at org.elasticsearch.xpack.security.cli.CertificateToolTests.testHandleLongPasswords(CertificateToolTests.java:441)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1750)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:938)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:974)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:988)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
    at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
    at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
    at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
    at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:817)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:468)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:947)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:832)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:883)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:894)
    at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
    at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
    at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
    at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
    at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
    at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
    at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
    at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
    at java.lang.Thread.run(Thread.java:748)

    Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede

      at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
      at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
      at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
      at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
      at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
      at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
      at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$writePkcs12$5(CertificateTool.java:562)
      at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:998)
      at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:86)
      at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.writePkcs12(CertificateTool.java:560)
      at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.lambda$writeCertificateAuthority$1(CertificateTool.java:907)
      at org.elasticsearch.xpack.security.cli.CertificateTool.fullyWriteFile(CertificateTool.java:1056)
      at org.elasticsearch.xpack.security.cli.CertificateTool.access$500(CertificateTool.java:86)
      at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.writeCertificateAuthority(CertificateTool.java:906)
      at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.execute(CertificateTool.java:897)
      at org.elasticsearch.xpack.security.cli.CertificateToolTests.testHandleLongPasswords(CertificateToolTests.java:441)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1750)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:938)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:974)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:988)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
      at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
      at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
      at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
      at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:817)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:468)
      at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:947)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:832)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:883)
      at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:894)
      at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
      at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
      at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
      at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
      at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
      at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
      at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
      at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
      at java.lang.Thread.run(Thread.java:748)
@hendrikmuhs hendrikmuhs added :Security/Security Security issues without another label >test-failure Triaged test failures from CI labels Aug 2, 2021
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Aug 2, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@tvernum tvernum self-assigned this Aug 2, 2021
@tvernum
Copy link
Contributor

tvernum commented Aug 2, 2021

Another one for #75718
I'll sort out a mute tomorrow.
Sorry for the noise.

tvernum added a commit to tvernum/elasticsearch that referenced this issue Aug 3, 2021
@tvernum
[Test] Mute more certificate tests on JDK8 u292
dd08faa 
JDK 1.8.0_292 has a race condition that sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as unavailable.

This change mutes additional tests on this JDK build

Relates: elastic#75952, elastic#75571, elastic#75718
This was referenced Aug 3, 2021
Merged
Closed
tvernum added a commit that referenced this issue Aug 3, 2021
@tvernum
[Test] Mute more certificate tests on JDK8 u292 (#75994)
6bc9972 
JDK 1.8.0_292 has a race condition that sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as unavailable.

This change mutes additional tests on this JDK build

Relates: #75952, #75571, #75718
jkakavas added a commit to jkakavas/elasticsearch that referenced this issue Feb 15, 2022
@jkakavas
Remove redundant mute for bug JDK-8266279
8cd7cef 
We had muted specifc tests that were hit by JDK-8266279, by not
allowing the tests to run on Java 1.8.0_292. We have since upgraded
our Java 8 version in CI to Java 1.8.0_301 so the muting is
irrelevant and can be removed

Resolves elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359, elastic#75952, elastic#75718
@jkakavas jkakavas mentioned this issue Feb 15, 2022
Closed
jkakavas added a commit to jkakavas/elasticsearch that referenced this issue Feb 15, 2022
@jkakavas
Remove redundant mute for bug JDK-8266279
29d9cb2 
We had muted specific tests that were hit by JDK-8266279, by not
allowing the tests to run on Java 1.8.0_292. We have since upgraded
our Java 8 version in CI to Java 1.8.0_301 so the muting is
irrelevant and can be removed

Resolves elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359, elastic#75952, elastic#75718
@jkakavas jkakavas mentioned this issue Feb 15, 2022
Merged
@jkakavas
Copy link
Member

Fixed in later jdk8 version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tvernum tvernum

Labels
:Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tvernum @hendrikmuhs @jkakavas @elasticmachine