8167371: KeyStoreSpi.engineSetEntry should throw an Exception if password protection alg is specified
Reviewed-by: xuelei, mullan
--- a/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java Thu Oct 13 01:59:39 2016 -0700
+++ b/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java Thu Oct 13 12:37:42 2016 +0100
@@ -479,6 +479,10 @@
} else if (engineIsKeyEntry(alias)) {
KeyStore.PasswordProtection pp =
(KeyStore.PasswordProtection)protParam;
+ if (pp.getProtectionAlgorithm() != null) {
+ throw new KeyStoreException(
+ "unsupported password protection algorithm");
+ }
char[] password = pp.getPassword();
Key key = engineGetKey(alias, password);
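Review bot: The `KeyStoreException` thrown in the new `pp.getProtectionAlgorithm() != null` branch does not name the algorithm that was rejected, so a caller who asked for a specific protection algorithm cannot tell from the failure which request the store refused. Consider `"unsupported password protection algorithm: " + pp.getProtectionAlgorithm()`; the name is not secret, and the same applies to the identical check on `pProtect` in the second hunk of this file. A short why-comment above each check would also help, for example `// this default implementation cannot apply a caller-selected protection algorithm; fail instead of ignoring the request`, since ignoring the request would presumably leave the key protected by whatever the store uses by default. Both enclosing methods begin and end outside the hunks shown.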
@@ -524,6 +528,10 @@
KeyStore.PasswordProtection pProtect = null;
if (protParam != null) {
pProtect = (KeyStore.PasswordProtection)protParam;
+ if (pProtect.getProtectionAlgorithm() != null) {
+ throw new KeyStoreException(
+ "unsupported password protection algorithm");
+ }
}
// set entry
--- a/jdk/test/java/security/KeyStore/TestKeyStoreBasic.java Thu Oct 13 01:59:39 2016 -0700
+++ b/jdk/test/java/security/KeyStore/TestKeyStoreBasic.java Thu Oct 13 12:37:42 2016 +0100
@@ -40,7 +40,7 @@
/*
* @test
- * @bug 8048621 8133090
+ * @bug 8048621 8133090 8167371
* @summary Test basic operations with keystores (jks, jceks, pkcs12)
* @author Yu-Ching Valerie PENG
*/
@@ -116,6 +116,8 @@
};
private static final String ALIAS_HEAD = "test";
+ private static final String CRYPTO_ALG = "PBEWithHmacSHA256AndAES_128";
+
public static void main(String args[]) throws Exception {
TestKeyStoreBasic jstest = new TestKeyStoreBasic();
jstest.run();
@@ -125,7 +127,7 @@
for (String provider : PROVIDERS) {
try {
runTest(provider);
- System.out.println("Test with provider " + provider + "passed");
+ System.out.println("Test with provider " + provider + " passed");
} catch (java.security.KeyStoreException e) {
if (provider.equals("SunPKCS11-Solaris")) {
System.out.println("KeyStoreException is expected: "
@@ -236,6 +238,44 @@
// compare the creation date of the 2 key stores for all aliases
compareCreationDate(ks, ks2, numEntries);
+ // check setEntry/getEntry with a password protection algorithm
+ if ("PKCS12".equalsIgnoreCase(ks.getType())) {
+ System.out.println(
+ "Skipping the setEntry/getEntry check for PKCS12 keystore...");
+ return;
+ }
+ String alias = ALIAS_HEAD + ALIAS_HEAD;
+ KeyStore.PasswordProtection pw =
+ new KeyStore.PasswordProtection(PASSWD2, CRYPTO_ALG, null);
+ KeyStore.PrivateKeyEntry entry =
+ new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{ cert });
+ checkSetEntry(ks, alias, pw, entry);
+ ks.setEntry(alias, entry, new KeyStore.PasswordProtection(PASSWD2));
+ checkGetEntry(ks, alias, pw);
+ }
+
+ // check setEntry with a password protection algorithm
+ private void checkSetEntry(KeyStore ks, String alias,
+ KeyStore.PasswordProtection pw, KeyStore.Entry entry) throws Exception {
+ try {
+ ks.setEntry(alias, entry, pw);
+ throw new Exception(
+ "ERROR: expected KeyStore.setEntry to throw an exception");
+ } catch (KeyStoreException e) {
+ // ignore the expected exception
+ }
+ }
+
+ // check getEntry with a password protection algorithm
+ private void checkGetEntry(KeyStore ks, String alias,
+ KeyStore.PasswordProtection pw) throws Exception {
+ try {
+ ks.getEntry(alias, pw);
+ throw new Exception(
+ "ERROR: expected KeyStore.getEntry to throw an exception");
+ } catch (KeyStoreException e) {
+ // ignore the expected exception
+ }
}
// check key store type
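Review bot: `checkSetEntry` only asserts that an exception is thrown; nothing verifies that the rejected call left the keystore unchanged, which is the property that matters for a refused protection request. Assuming no earlier step stores that alias, add right after `checkSetEntry(ks, alias, pw, entry);` a check such as `if (ks.containsAlias(alias)) throw new Exception("ERROR: rejected setEntry must not create an entry");`. Both helpers also accept any `KeyStoreException`, so an unrelated failure would pass as well. Once the message carries a stable prefix, checking `e.getMessage()` would pin the intended cause. The early `return` for PKCS12 ends the enclosing method, so any check later appended after this block would be skipped for that store type without notice; wrapping the new checks in an `if` would be safer.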