CSV Audit Tests Fail with "Invalid secret key format" on JDK 8 with `-DforkCount=0`

[Kortanul]

Affected Versions

• feature/fixes-for-22.x-jdk-8-builds

Build Environment

• Ubuntu 18.04.1 LTS
• Ubuntu Linux 4.15.0-39-generic #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
• OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
• Apache Maven 3.5.2

Steps to Reproduce

1. Switch to Java 8u171 or later.
2. Check out wrensec-commons on the feature/fixes-for-22.x-jdk-8-builds branch (currently at b27bc0d).:
3. Attempt to build CSV audit with mvn clean install -DignoreArtifactSigs -DforkCount=0 -pl audit/forgerock-audit-handler-csv.

Expected Results

• Project builds successfully.
• Tests complete successfully.

Actual Results

Tests fail with the following errors:

Dec 02, 2018 10:19:22 PM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
[main] ERROR org.forgerock.security.keystore.KeyStoreBuilder - Error loading keystore
java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.forgerock.security.keystore.KeyStoreBuilder.build(KeyStoreBuilder.java:253)
        at org.forgerock.audit.secure.JcaKeyStoreHandler.init(JcaKeyStoreHandler.java:74)
        at org.forgerock.audit.secure.JcaKeyStoreHandler.<init>(JcaKeyStoreHandler.java:59)
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.cleanupKeystore(SecureCsvWriterTest.java:96)
[ERROR] Tests run: 37, Failures: 7, Errors: 0, Skipped: 13, Time elapsed: 4.89 s <<< FAILURE! - in TestSuite
[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.061 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.017 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.018 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.012 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(CsvSecureVerifierTest.java:60)

[ERROR] shouldVerifyValidFile(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)  Time elapsed: 0.016 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldVerifyValidFile(CsvSecureVerifierTest.java:46)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldVerifyValidFile(CsvSecureVerifierTest.java:46)

[ERROR] setup(org.forgerock.audit.handlers.csv.CsvWriterTest)  Time elapsed: 0.036 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.CsvWriterTest.setup(CsvWriterTest.java:58)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.CsvWriterTest.setup(CsvWriterTest.java:58)

[ERROR] beforeMethod(org.forgerock.audit.handlers.csv.SecureCsvWriterTest)  Time elapsed: 0.148 s  <<< FAILURE!
java.lang.IllegalStateException: Unable to load keystore
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.cleanupKeystore(SecureCsvWriterTest.java:96)
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.beforeMethod(SecureCsvWriterTest.java:76)
Caused by: java.io.IOException: Invalid secret key format
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.cleanupKeystore(SecureCsvWriterTest.java:96)
        at org.forgerock.audit.handlers.csv.SecureCsvWriterTest.beforeMethod(SecureCsvWriterTest.java:76)

[INFO]
[INFO] Results:
[INFO]
[ERROR] Failures:
[ERROR] org.forgerock.audit.handlers.csv.CsvSecureVerifierTest.shouldNotVerify(org.forgerock.audit.handlers.csv.CsvSecureVerifierTest)
[ERROR]   Run 1: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[ERROR]   Run 2: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[ERROR]   Run 3: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[ERROR]   Run 4: CsvSecureVerifierTest.shouldNotVerify:60 ▒ IllegalState Unable to load keystor...
[INFO]
[ERROR]   CsvSecureVerifierTest.shouldVerifyValidFile:46 ▒ IllegalState Unable to load k...
[ERROR] org.forgerock.audit.handlers.csv.CsvWriterTest.setup(org.forgerock.audit.handlers.csv.CsvWriterTest)
[ERROR]   Run 1: CsvWriterTest.setup:58 ▒ IllegalState Unable to load keystore
[INFO]   Run 2: PASS
[INFO]   Run 3: PASS
[INFO]   Run 4: PASS
[INFO]
[ERROR] org.forgerock.audit.handlers.csv.SecureCsvWriterTest.beforeMethod(org.forgerock.audit.handlers.csv.SecureCsvWriterTest)
[ERROR]   Run 1: SecureCsvWriterTest.beforeMethod:76->cleanupKeystore:96 ▒ IllegalState Unable ...
[INFO]   Run 2: PASS
[INFO]   Run 3: PASS
[INFO]
[INFO]
[ERROR] Tests run: 29, Failures: 4, Errors: 0, Skipped: 8

Additional Notes

This appears to be related to the class loader being used by the parent Maven process vs. the class loader that Surefire uses.

Other users of JDK 8 have seen similar issues: https://stackoverflow.com/questions/50393533/java-io-ioexception-invalid-secret-key-format-when-opening-jceks-key-store-wi

Known Workarounds

• If debugging the tests, run them directly through IntelliJ; OR
• Run the tests in parallel (the default for Surefire) by not using -DforkCount=0