Work around https://bugs.openjdk.java.net/browse/JDK-8156584

wilkinsona · wilkinsona · commit 912c82e50de0 · 2021-04-27T17:27:28.000+01:00
sun.security.x509.AlgorithmId.get(String) isn't thread-safe and can lead to null be returned for an algorithm that should be present. This commit aims to work around this problem by avoiding the call to AlgorithmId.get(String). It does so by configuring the PKCS12 key protection algorithm to one that starts with pbewithhmacsha (case insensitive). This short-circuits the logic in PKCS12KeyStore.mapPBEAlgorithmToOID(String) and avoids the call to AlgorithmId.get(String). Thanks again to @dreis2211 for the suggestion. The work around is only used when building with Java 8 as the problem was fixed in Java 9. Closes gh-26252
diff --git a/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java b/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java
@@ -28,6 +28,7 @@
 
 import io.spring.javaformat.gradle.FormatTask;
 import io.spring.javaformat.gradle.SpringJavaFormatPlugin;
+import org.gradle.api.JavaVersion;
 import org.gradle.api.Project;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.ConfigurationContainer;
@@ -141,6 +142,10 @@ private void configureTestConventions(Project project) {
 			withOptionalBuildJavaHome(project, (javaHome) -> test.setExecutable(javaHome + "/bin/java"));
 			test.useJUnitPlatform();
 			test.setMaxHeapSize("1024M");
+			if (buildingWithJava8(project)) {
+				test.systemProperty("java.security.properties",
+						getClass().getClassLoader().getResource("jdk-8156584-security.properties"));
+			}
 		});
 		project.getPlugins().withType(JavaPlugin.class, (javaPlugin) -> project.getDependencies()
 				.add(JavaPlugin.TEST_RUNTIME_ONLY_CONFIGURATION_NAME, "org.junit.platform:junit-platform-launcher"));
@@ -153,6 +158,10 @@ private void configureTestConventions(Project project) {
 				}));
 	}
 
+	private boolean buildingWithJava8(Project project) {
+		return (!project.hasProperty("buildJavaHome")) && JavaVersion.current() == JavaVersion.VERSION_1_8;
+	}
+
 	private boolean isCi() {
 		return Boolean.parseBoolean(System.getenv("CI"));
 	}
diff --git a/buildSrc/src/main/resources/jdk-8156584-security.properties b/buildSrc/src/main/resources/jdk-8156584-security.properties
@@ -0,0 +1 @@
+keystore.pkcs12.keyProtectionAlgorithm=PBEWithHmacSHA256AndAES_256

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+keystore.pkcs12.keyProtectionAlgorithm=PBEWithHmacSHA256AndAES_256`