8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

Reviewed-by: valeriep

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java

@@ -804,11 +804,17 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
      */
     private AlgorithmParameters getPBEAlgorithmParameters(
             String algorithm, int iterationCount) throws IOException {
-        AlgorithmParameters algParams = null;
+        AlgorithmParameters algParams;
+
+        byte[] salt = getSalt();
+        if (KnownOIDs.findMatch(algorithm) == KnownOIDs.PBEWithMD5AndDES) {
+            // PBES1 scheme such as PBEWithMD5AndDES requires a 8-byte salt
+            salt = Arrays.copyOf(salt, 8);
+        }
 
         // create PBE parameters from salt and iteration count
         PBEParameterSpec paramSpec =
-                new PBEParameterSpec(getSalt(), iterationCount);
+                new PBEParameterSpec(salt, iterationCount);
         try {
            algParams = AlgorithmParameters.getInstance(algorithm);
            algParams.init(paramSpec);

test/jdk/sun/security/pkcs12/ParamsPreferences.java

@@ -35,7 +35,7 @@ import static sun.security.util.KnownOIDs.*;
 
 /*
  * @test
- * @bug 8076190 8242151 8153005
+ * @bug 8076190 8242151 8153005 8266293
  * @library /test/lib
  * @modules java.base/sun.security.pkcs
  *          java.base/sun.security.util
@@ -193,6 +193,15 @@ public class ParamsPreferences {
                 PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                 PBEWithSHA1AndRC4_40, 10000,
                 SHA_256, 10000);
+
+        // 8266293
+        test(c++,
+                Map.of("keystore.pkcs12.keyProtectionAlgorithm", "PBEWithMD5AndDES",
+                        "keystore.pkcs12.certProtectionAlgorithm", "PBEWithMD5AndDES"),
+                Map.of(),
+                PBEWithMD5AndDES, 10000,
+                PBEWithMD5AndDES, 10000,
+                SHA_256, 10000);
     }
 
     /**