Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8149411: PKCS12KeyStore cannot extract AES Secret Keys
authorvinnie
Mon, 15 Feb 2016 15:57:58 +0000
changeset 35958 31866c4c84d3
parent 35814 6c644cca3f3f
child 35959 c4c9ee2cb926
child 35974 5d40126ca3c2
8149411: PKCS12KeyStore cannot extract AES Secret Keys Reviewed-by: xuelei
jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java file | annotate | diff | comparison | revisions
jdk/test/sun/security/pkcs12/P12SecretKey.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Wed Jul 05 21:20:45 2017 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Mon Feb 15 15:57:58 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -394,19 +394,19 @@
 
             // decode secret key
             } else {
-                SecretKeyFactory sKeyFactory =
-                    SecretKeyFactory.getInstance(keyAlgo);
                 byte[] keyBytes = in.getOctetString();
                 SecretKeySpec secretKeySpec =
                     new SecretKeySpec(keyBytes, keyAlgo);
 
                 // Special handling required for PBE: needs a PBEKeySpec
                 if (keyAlgo.startsWith("PBE")) {
+                    SecretKeyFactory sKeyFactory =
+                        SecretKeyFactory.getInstance(keyAlgo);
                     KeySpec pbeKeySpec =
                         sKeyFactory.getKeySpec(secretKeySpec, PBEKeySpec.class);
                     key = sKeyFactory.generateSecret(pbeKeySpec);
                 } else {
-                    key = sKeyFactory.generateSecret(secretKeySpec);
+                    key = secretKeySpec;
                 }
 
                 if (debug != null) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs12/P12SecretKey.java	Mon Feb 15 15:57:58 2016 +0000
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8149411
+ * @summary Get AES key from keystore (uses SecretKeySpec not SecretKeyFactory)
+ */
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
+public class P12SecretKey {
+
+    private static final String ALIAS = "alias";
+
+    public static void main(String[] args) throws Exception {
+        P12SecretKey testp12 = new P12SecretKey();
+        String keystoreType = "pkcs12";
+        if (args != null && args.length > 0) {
+            keystoreType = args[0];
+        }
+        testp12.run(keystoreType);
+    }
+
+    private void run(String keystoreType) throws Exception {
+        char[] pw = "password".toCharArray();
+        KeyStore ks = KeyStore.getInstance(keystoreType);
+        ks.load(null, pw);
+
+        KeyGenerator kg = KeyGenerator.getInstance("AES");
+        kg.init(128);
+        SecretKey key = kg.generateKey();
+
+        KeyStore.SecretKeyEntry ske = new KeyStore.SecretKeyEntry(key);
+        KeyStore.ProtectionParameter kspp = new KeyStore.PasswordProtection(pw);
+        ks.setEntry(ALIAS, ske, kspp);
+
+        File ksFile = File.createTempFile("test", ".test");
+        try (FileOutputStream fos = new FileOutputStream(ksFile)) {
+            ks.store(fos, pw);
+            fos.flush();
+        }
+
+        // now see if we can get it back
+        try (FileInputStream fis = new FileInputStream(ksFile)) {
+            KeyStore ks2 = KeyStore.getInstance(keystoreType);
+            ks2.load(fis, pw);
+            KeyStore.Entry entry = ks2.getEntry(ALIAS, kspp);
+            SecretKey keyIn = ((KeyStore.SecretKeyEntry)entry).getSecretKey();
+            if (Arrays.equals(key.getEncoded(), keyIn.getEncoded())) {
+                System.err.println("OK: worked just fine with " + keystoreType +
+                                   " keystore");
+            } else {
+                System.err.println("ERROR: keys are NOT equal after storing in "
+                                   + keystoreType + " keystore");
+            }
+        }
+    }
+}
jdk-sandbox