KeyStore examples not working

[raul-avila-ph]

I'm having a look at the examples after creating an HSM cluster. Most of them work well, except the examples using KeyStore, in those cases I always get an exception like this one:

Exception in thread "main" java.security.KeyStoreException: CloudHSM not found
	at java.base/java.security.KeyStore.getInstance(KeyStore.java:871)
	at com.amazonaws.cloudhsm.examples.AESCBCEncryptDecryptRunner.getKeyByLabel(AESCBCEncryptDecryptRunner.java:82)
	at com.amazonaws.cloudhsm.examples.AESCBCEncryptDecryptRunner.main(AESCBCEncryptDecryptRunner.java:54)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: CloudHSM, provider: CloudHSM, class: com.amazonaws.cloudhsm.jce.provider.CloudHsmKeyStore)
	at java.base/java.security.Provider$Service.newInstance(Provider.java:1868)
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
	at java.base/java.security.Security.getImpl(Security.java:701)
	at java.base/java.security.KeyStore.getInstance(KeyStore.java:868)
	... 2 more
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field private java.security.KeyStoreSpi java.security.KeyStore.keyStoreSpi accessible: module java.base does not "opens java.security" to unnamed module @39fb3ab6
	at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
	at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
	at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
	at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
	at com.amazonaws.cloudhsm.jce.provider.CloudHsmKeyStore.getSpiFromKeyStore(CloudHsmKeyStore.java:96)
	at com.amazonaws.cloudhsm.jce.provider.CloudHsmKeyStore.<init>(CloudHsmKeyStore.java:123)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
	at java.base/java.security.Provider$Service.newInstanceOf(Provider.java:1879)
	at java.base/java.security.Provider$Service.newInstanceUtil(Provider.java:1886)
	at java.base/java.security.Provider$Service.newInstance(Provider.java:1861)
	... 6 more

I have tried to run this example using different versions of the JDK (8, 11, 17), and also installing a previous version of the JCE provider (5.4.0), as the latest version now is 5.5.0, but I'm always getting the same result.

Is there anything I'm missing here?

[mailtoarpitshah]

Its not working for me as well. Could it be due security feature mentioned on https://openjdk.org/jeps/403?

[jamesHanKey]

The solution I found was to add a jvm arg.
--add-opens=java.base/java.security=ALL-UNNAMED
Breaking-encapsulation
apache netbeans solution

[imalhasaranga]

Is this sorted now ?