From 912c82e50de096ff35ce31910ea8388298b0193e Mon Sep 17 00:00:00 2001
From: Andy Wilkinson <wilkinsona@vmware.com>
Date: Tue, 27 Apr 2021 16:53:06 +0100
Subject: [PATCH] Work around https://bugs.openjdk.java.net/browse/JDK-8156584

sun.security.x509.AlgorithmId.get(String) isn't thread-safe and can
lead to null be returned for an algorithm that should be present.

This commit aims to work around this problem by avoiding the call
to AlgorithmId.get(String). It does so by configuring the
PKCS12 key protection algorithm to one that starts with
pbewithhmacsha (case insensitive). This short-circuits the logic
in PKCS12KeyStore.mapPBEAlgorithmToOID(String) and avoids the call to
AlgorithmId.get(String). Thanks again to @dreis2211 for the
suggestion.

The work around is only used when building with Java 8 as the problem
was fixed in Java 9.

Closes gh-26252
---
 .../org/springframework/boot/build/JavaConventions.java  | 9 +++++++++
 .../src/main/resources/jdk-8156584-security.properties   | 1 +
 2 files changed, 10 insertions(+)
 create mode 100644 buildSrc/src/main/resources/jdk-8156584-security.properties

diff --git a/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java b/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java
index 315542c6bf2..2f917a9111b 100644
--- a/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java
+++ b/buildSrc/src/main/java/org/springframework/boot/build/JavaConventions.java
@@ -28,6 +28,7 @@ import java.util.stream.Collectors;
 
 import io.spring.javaformat.gradle.FormatTask;
 import io.spring.javaformat.gradle.SpringJavaFormatPlugin;
+import org.gradle.api.JavaVersion;
 import org.gradle.api.Project;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.ConfigurationContainer;
@@ -141,6 +142,10 @@ class JavaConventions {
 			withOptionalBuildJavaHome(project, (javaHome) -> test.setExecutable(javaHome + "/bin/java"));
 			test.useJUnitPlatform();
 			test.setMaxHeapSize("1024M");
+			if (buildingWithJava8(project)) {
+				test.systemProperty("java.security.properties",
+						getClass().getClassLoader().getResource("jdk-8156584-security.properties"));
+			}
 		});
 		project.getPlugins().withType(JavaPlugin.class, (javaPlugin) -> project.getDependencies()
 				.add(JavaPlugin.TEST_RUNTIME_ONLY_CONFIGURATION_NAME, "org.junit.platform:junit-platform-launcher"));
@@ -153,6 +158,10 @@ class JavaConventions {
 				}));
 	}
 
+	private boolean buildingWithJava8(Project project) {
+		return (!project.hasProperty("buildJavaHome")) && JavaVersion.current() == JavaVersion.VERSION_1_8;
+	}
+
 	private boolean isCi() {
 		return Boolean.parseBoolean(System.getenv("CI"));
 	}
diff --git a/buildSrc/src/main/resources/jdk-8156584-security.properties b/buildSrc/src/main/resources/jdk-8156584-security.properties
new file mode 100644
index 00000000000..2d72ee6c449
--- /dev/null
+++ b/buildSrc/src/main/resources/jdk-8156584-security.properties
@@ -0,0 +1 @@
+keystore.pkcs12.keyProtectionAlgorithm=PBEWithHmacSHA256AndAES_256
\ No newline at end of file