Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios failure #75379

Closed
astefan opened this issue Jul 15, 2021 · 2 comments
Closed

[CI] SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios failure #75379

astefan opened this issue Jul 15, 2021 · 2 comments
Assignees
@tvernum
Labels
:Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI

Comments

@astefan
Copy link
Contributor

astefan commented Jul 15, 2021

Build scan: https://gradle-enterprise.elastic.co/s/oaqn5q3yqffto

Repro line:

gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=650E90755FF7B650 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateSigningCredentialFromKeyStoreFailureScenarios" -Dtests.security.manager=true -Dtests.locale=ar-LY -Dtests.timezone=America/Atka -Dcompiler.java=11 -Druntime.java=8

Reproduces locally?: no

Applicable branches: 6.8

Failure history:
https://build-stats.elastic.co/app/kibana#/discover?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-30d,mode:quick,to:now))&_a=(columns:!(_source),index:b646ed00-7efc-11e8-bf69-63c8ef516157,interval:auto,query:(language:kuery,query:'testCreateSigningCredentialFromKeyStoreFailureScenarios%20AND%20build.branch%20:%20%226.8%22'),sort:!(process.time-start,desc))

Failure excerpt:

ERROR   0.03s J9  | SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios <<< FAILURES!
   > Throwable #1: java.security.KeyStoreException: Key protection  algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at __randomizedtesting.SeedInfo.seed([650E90755FF7B650:13239521B5747733]:0)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
   > 	at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
   > 	at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
   > 	at org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios(SamlRealmTests.java:508)
   > 	at java.lang.Thread.run(Thread.java:748)
   > Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
   > 	... 40 more
   > Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
   > 	at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
   > 	... 41 more

Similar/identic with #72639.
@astefan astefan added >test-failure Triaged test failures from CI :Security/Security Security issues without another label labels Jul 15, 2021
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jul 15, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@csoulios csoulios mentioned this issue Jul 16, 2021
Closed
@tvernum tvernum mentioned this issue Jul 26, 2021
Closed
tvernum added a commit to tvernum/elasticsearch that referenced this issue Jul 27, 2021
@tvernum
Mute some security tests on problematic JDK8 build
f647948 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359
@tvernum tvernum mentioned this issue Jul 27, 2021
Merged
tvernum added a commit that referenced this issue Jul 27, 2021
@tvernum
Mute some security tests on problematic JDK8 build (#75718)
9b7f151 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: #75571, #75417, #75379, #72639, #72359
tvernum added a commit to tvernum/elasticsearch that referenced this issue Jul 27, 2021
@tvernum
Mute some security tests on problematic JDK8 build
c8e0812 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359
Backport of: elastic#75718
@tvernum tvernum mentioned this issue Jul 27, 2021
Merged
tvernum added a commit that referenced this issue Jul 27, 2021
@tvernum
Mute some security tests on problematic JDK8 build (#75720)
b583832 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: #75571, #75417, #75379, #72639, #72359
Backport of: #75718
tvernum added a commit to tvernum/elasticsearch that referenced this issue Jul 28, 2021
@tvernum
Mute some security tests on problematic JDK8 build
5740949 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359
Backport of: elastic#75718
@tvernum tvernum mentioned this issue Jul 28, 2021
Merged
tvernum added a commit to tvernum/elasticsearch that referenced this issue Jul 28, 2021
@tvernum
Mute some security tests on problematic JDK8 build
07e3f9b 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359
Backport of: elastic#75718
@tvernum tvernum mentioned this issue Jul 28, 2021
Merged
elasticsearchmachine pushed a commit that referenced this issue Jul 28, 2021
@tvernum
[Backport] Mute some security tests on problematic JDK8 build (#75763)
ff65fb2 
* Mute some security tests on problematic JDK8 build

This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: #75571, #75417, #75379, #72639, #72359
Backport of: #75718

* Fix import
elasticsearchmachine pushed a commit that referenced this issue Jul 28, 2021
@tvernum
Mute some security tests on problematic JDK8 build (#75770)
aca2329 
This commit adds some `assumeFalse` (or modifies exising ones) to mute
tests on JDK 1.8.0_292 due to JDK-8266279

On this JDK build, a race condition sometimes causes the
PBEWithSHA1AndDESede algorithm to appear as though it is unavailable.

Relates: #75571, #75417, #75379, #72639, #72359
Backport of: #75718
@tvernum tvernum self-assigned this Sep 9, 2021
@jkakavas
Copy link
Member

This has been muted in #75770, closing this as won't fix since 6.8 is EOL

jkakavas added a commit to jkakavas/elasticsearch that referenced this issue Feb 15, 2022
@jkakavas
Remove redundant mute for bug JDK-8266279
8cd7cef 
We had muted specifc tests that were hit by JDK-8266279, by not
allowing the tests to run on Java 1.8.0_292. We have since upgraded
our Java 8 version in CI to Java 1.8.0_301 so the muting is
irrelevant and can be removed

Resolves elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359, elastic#75952, elastic#75718
@jkakavas jkakavas mentioned this issue Feb 15, 2022
Closed
jkakavas added a commit to jkakavas/elasticsearch that referenced this issue Feb 15, 2022
@jkakavas
Remove redundant mute for bug JDK-8266279
29d9cb2 
We had muted specific tests that were hit by JDK-8266279, by not
allowing the tests to run on Java 1.8.0_292. We have since upgraded
our Java 8 version in CI to Java 1.8.0_301 so the muting is
irrelevant and can be removed

Resolves elastic#75571, elastic#75417, elastic#75379, elastic#72639, elastic#72359, elastic#75952, elastic#75718
@jkakavas jkakavas mentioned this issue Feb 15, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tvernum tvernum

Labels
:Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@astefan @tvernum @jkakavas @elasticmachine