Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Algorithm Name Case Sensitivity?

See original GitHub issue

Hello,

We’ve recently tried to drop Amazon Corretto Crypto Providers into one of our applications that was previously using SunEC quite happily. We’re using corretto-8 with it and have configured our application to use the custom security providers using the -Djava.security.properties=/path/to/amazon-corretto-crypto-provider.security option where the file is the one you specify.

This application is a third-party product that we don’t have visibility of the code of. At a high level, we are configuring it to use the SHA256withECDSA algorithm to sign and verify access tokens.

The snippet we’ve obtained from debug logging is as follows:

org.forgerock.openam.oauth2.token.OAuth2JwtTokenHelper:12/19/2019 05:36:02:381 PM UTC: Thread[http-apr-8443-exec-10,5,main]: TransactionId[3dcad83d-99a8-49a1-ad06-c0167f5be808-160]
Unable to verify JWT with handler org.forgerock.json.jose.jws.handlers.HmacSigningHandler@420cfdc0: {}
org.forgerock.json.jose.exceptions.JwsSigningException: Unsupported Signing Algorithm, SHA256WithECDSA

Caused by: java.security.NoSuchAlgorithmException: Algorithm SHA256WithECDSA not available

The second error message made me think - are algorithm names provided by Amazon Corretto Crypto Provider case sensitive or not? The algorithm SHA256withECDSA is quite clearly supported from the README, but I’m not certain what would happen when SHA256WithECDSA is specified instead.

I’ve had a look at the standard names documentation from Oracle and they specify that names are not case-sensitive.

Note: Standard names are not case-sensitive.

We’ve confirmed that falling back to SunEC causes the same application to work again immediately. Only when we specify that AmazonCorrettoCryptoProvider should be used do we see the issue.

I wonder if you could confirm whether you think specifying SHA256WithECDSA as an algorithm should work.

Apologies if this issue is a bit fuzzy; I’ve tried to give all of the information I have at the moment for what seems to be quite an opaque bug that we’re experiencing…

Issue Analytics

State:
Created 4 years ago
Comments:7 (3 by maintainers)

Top GitHub Comments

1reaction

netyarozecommented, Jan 24, 2020

@SalusaSecondus

Raising for some visibility if any other customers stumble across this, but yeah, it is our signing handler. https://bugster.forgerock.org/jira/browse/COMMONS-532

1reaction

SalusaSeconduscommented, Dec 23, 2019

Please be sure to let us know if ACCP behavior (even if correct) was involved causing this. We like to understand all the interactions of our library.

Top Results From Across the Web

Case sensitivity - Wikipedia

In computers, case sensitivity defines whether uppercase and lowercase letters are treated as distinct (case-sensitive) or equivalent (case-insensitive).

Google: URLs Are Case Sensitive - Search Engine Journal

Google's John Mueller clarifies that URLs are case sensitive, so it matters whether the characters are uppercase or lowercase.

Is Python Case-Sensitive? - LearnPython.com

The shortest answer to the question of case sensitivity in Python is yes. It is a case-sensitive language, like many other popular programming ......

File Name Case Sensitivity | VisualSVN Help Center

It uses case-insensitive algorithm to reject commits which can create duplicate file name. To configure VisualSVN Server for ...

The casesensitivity Property (Solaris ZFS Administration Guide)

The casesensitivity Property ... This property indicates whether the file name matching algorithm used by the file system should be casesensitive, caseinsensitive ...