NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available when trying to sign with DIGICERTONE keylocker without client tools

[dcherian-dev]

Hello, I have the following code snippet:

        AuthenticodeSigner signer = null;
        String storePass = String.format("%s|%s|%s", apiKey, certFile, secret);
        KeyStore keystore = new KeyStoreBuilder().storetype(KeyStoreType.DIGICERTONE).storepass(storePass).build();
        signer = new AuthenticodeSigner(keystore, alias, null);
        signer.withProgramName(progName)
                .withProgramURL(progUrl)
                .withSignatureProvider(keystore.getProvider())
                .withTimestamping(true)
                .withTimestampingAuthority(caTimestampUrl);
        Signable file = Signable.of(new File(tobeSigned));
        signer.sign(file);

Could you please tell me what is missing that it is getting the above exception. The certFile string the path to the Certificate_pkcs11.p12 cert.

[ebourg]

What artifact did you include in your project dependencies? net.jsign:jsign or net.jsign:jsign-core?

[dcherian-dev]

net.jsign:jsign is what I have

[dcherian-dev]

I have tried with net.jsign:jsign-core as well. It throws the same exception and traceback:

java.lang.RuntimeException: Failed to load the client certificate for DigiCert ONE
at net.jsign.jca.DigiCertOneSigningService.getKeyManager(DigiCertOneSigningService.java:216)
at net.jsign.jca.DigiCertOneSigningService.(DigiCertOneSigningService.java:71)
at net.jsign.KeyStoreType$13.getProvider(KeyStoreType.java:346)
at net.jsign.KeyStoreBuilder.provider(KeyStoreBuilder.java:268)
at net.jsign.KeyStoreBuilder.build(KeyStoreBuilder.java:281)
at net.ordr.codesign.CodeSigner.main(CodeSigner.java:58)
Caused by: java.security.KeyStoreException: Unable to load the keystore /root/code_sign_conf/Certificate_pkcs12.p12
at net.jsign.KeyStoreType.getKeystore(KeyStoreType.java:499)
at net.jsign.KeyStoreBuilder.build(KeyStoreBuilder.java:281)
at net.jsign.jca.DigiCertOneSigningService.getKeyManager(DigiCertOneSigningService.java:209)
... 5 more
Caused by: java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
at java.security.KeyStore.load(KeyStore.java:1445)
at net.jsign.KeyStoreType.getKeystore(KeyStoreType.java:496)
... 7 more
Caused by: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
at javax.crypto.Mac.getInstance(Mac.java:181)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2090)
... 9 more

[ebourg]

The HmacPBESHA256 algorithm isn't supported by your JDK. Upgrading to Java 17 should fix this. It that's not possible you have to export your certificate to a different keystore using an algorithm supported by your JDK

[dcherian-dev]

Thanks for the confirmation. I have Java 8.