# HG changeset patch # User mullan # Date 1516373375 18000 # Node ID 953eca1167b6520db8067a51804ee80383aaa20b # Parent f4e628259d1b6d95ae996a875289dd88eaee1d19 8194307: KeyStore#getInstance with custom LoadStoreParameter succeeds with invalid password Reviewed-by: weijun, vinnie diff -r f4e628259d1b -r 953eca1167b6 src/java.base/share/classes/java/security/KeyStore.java --- a/src/java.base/share/classes/java/security/KeyStore.java Thu Jan 18 16:15:16 2018 -0800 +++ b/src/java.base/share/classes/java/security/KeyStore.java Fri Jan 19 09:49:35 2018 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1802,11 +1802,11 @@ // Load the keystore data if (keystore != null) { + dataStream.reset(); // prepare the stream for loading if (hasPassword) { - dataStream.reset(); // prepare the stream for loading keystore.load(dataStream, password); } else { - keystore.load(param); + keystore.keyStoreSpi.engineLoad(dataStream, param); } return keystore; } diff -r f4e628259d1b -r 953eca1167b6 src/java.base/share/classes/java/security/KeyStoreSpi.java --- a/src/java.base/share/classes/java/security/KeyStoreSpi.java Thu Jan 18 16:15:16 2018 -0800 +++ b/src/java.base/share/classes/java/security/KeyStoreSpi.java Fri Jan 19 09:49:35 2018 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -395,6 +395,12 @@ public void engineLoad(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException { + engineLoad(null, param); + } + + void engineLoad(InputStream stream, KeyStore.LoadStoreParameter param) + throws IOException, NoSuchAlgorithmException, + CertificateException { if (param == null) { engineLoad((InputStream)null, (char[])null); @@ -425,7 +431,7 @@ throw new NoSuchAlgorithmException("ProtectionParameter must" + " be PasswordProtection or CallbackHandlerProtection"); } - engineLoad(null, password); + engineLoad(stream, password); return; } diff -r f4e628259d1b -r 953eca1167b6 test/jdk/java/security/KeyStore/ProbeKeystores.java --- a/test/jdk/java/security/KeyStore/ProbeKeystores.java Thu Jan 18 16:15:16 2018 -0800 +++ b/test/jdk/java/security/KeyStore/ProbeKeystores.java Fri Jan 19 09:49:35 2018 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8044445 + * @bug 8044445 8194307 * @summary test new methods from JEP-229: Create PKCS12 Keystores by Default */ @@ -37,9 +37,26 @@ public class ProbeKeystores { private static final char[] PASSWORD = "changeit".toCharArray(); private static final char[] BAD_PASSWORD = "badpasword".toCharArray(); + private static final LoadStoreParameter LOAD_STORE_PARAM = + new MyLoadStoreParameter(new PasswordProtection(PASSWORD)); + private static final LoadStoreParameter BAD_LOAD_STORE_PARAM = + new MyLoadStoreParameter(new PasswordProtection(BAD_PASSWORD)); private static final String DIR = System.getProperty("test.src", "."); private static final String CERT_FILE = "trusted.pem"; + private static class MyLoadStoreParameter implements LoadStoreParameter { + + private ProtectionParameter protection; + + MyLoadStoreParameter(ProtectionParameter protection) { + this.protection = protection; + } + + public ProtectionParameter getProtectionParameter() { + return protection; + } + } + public static final void main(String[] args) throws Exception { // Testing empty keystores @@ -173,6 +190,23 @@ } catch (IOException e) { System.out.println("Failed to load a " + type + " keystore named '" + file + "' (as expected)"); } + + // Now try with the correct password within a LoadStoreParameter + ks = KeyStore.getInstance(new File(file), LOAD_STORE_PARAM); + if (!type.equalsIgnoreCase(ks.getType())) { + throw new Exception("ERROR: expected a " + type + " keystore, " + + "got a " + ks.getType() + " keystore instead"); + } else { + System.out.println("Probed a " + type + " keystore named '" + file + "'"); + } + + // Next try with an incorrect password within a LoadStoreParameter + try { + ks = KeyStore.getInstance(new File(file), BAD_LOAD_STORE_PARAM); + throw new Exception("ERROR: expected an exception but got success"); + } catch (IOException e) { + System.out.println("Failed to load a " + type + " keystore named '" + file + "' (as expected)"); + } } // Instantiate a keystore by probing the supplied file for the keystore type