Ubuntu
openjdk-6 package

  1. Bug #556549
  2. Comment #7

Comment 7 for bug 556549

Revision history for this message
In , Andrew John Hughes (ahughes) wrote :

With some more debugging on the ReadCertificates test:

Loading sunlabscerts.pem...
----------System.err:(49/3120)----------
encodedPoint: [4, 41, 4, 74, 38, 59, 63, 127, -83, 45, 42, -32, -28, -123, -38, 19, -10, -34, 31, 2, -95, -72, -70, -99, -5, 101, \
62, 91, -32, -87, 87, 35, -89, -21, -25, -119, -58, -70, -63, 118, 124, 77, -125]
encodedParams: [6, 5, 43, -127, 4, 0, 8]
java.security.cert.CertificateParsingException: java.io.IOException: subject key, Could not create EC public key
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:171)
        at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:320)
        at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:550)
        at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:434)
        at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:444)
        at ReadCertificates.readCertificates(ReadCertificates.java:51)
        at ReadCertificates.main(ReadCertificates.java:86)
        at PKCS11Test.premain(PKCS11Test.java:79)
        at PKCS11Test.testDefault(PKCS11Test.java:113)
        at PKCS11Test.main(PKCS11Test.java:86)
 at ReadCertificates.main(ReadCertificates.java:57)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at com.sun.javatest.regtest.MainAction$SameVMThread.run(MainAction.java:595)
        at java.lang.Thread.run(Thread.java:636)
Caused by: java.io.IOException: subject key, Could not create EC public key
        at sun.security.x509.X509Key.parse(X509Key.java:174)
        at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
        at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
        ... 17 more
Caused by: java.security.InvalidKeyException: Could not create EC public key
        at sun.security.x509.X509Key.buildX509Key(X509Key.java:227)
        at sun.security.x509.X509Key.parse(X509Key.java:170)
        ... 20 more
Caused by: java.security.spec.InvalidKeySpecException: Could not create EC public key
        at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:154)
        at java.security.KeyFactory.generatePublic(KeyFactory.java:321)
        at sun.security.x509.X509Key.buildX509Key(X509Key.java:223)
        ... 21 more
Caused by: java.security.InvalidKeyException: Could not create EC public key
        at sun.security.pkcs11.P11ECKeyFactory.implTranslatePublicKey(P11ECKeyFactory.java:117)
        at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePublic(P11ECKeyFactory.java:152)
        ... 23 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
        at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
        at sun.security.pkcs11.P11ECKeyFactory.generatePublic(P11ECKeyFactory.java:229)
        at sun.security.pkcs11.P11ECKeyFactory.implTranslatePublicKey(P11ECKeyFactory.java:103)
        ... 24 more

The native layer is throwing an error CKR_DOMAIN_PARAMS_INVALID introduced in 2.20. Had to patch OpenJDK to get the error number to message translation so presumably this error was not in the version they referenced.