--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Thu Sep 08 09:04:28 2011 +0800
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Fri Sep 09 11:18:18 2011 +0800
@@ -1141,17 +1141,14 @@
if (token) {
keyStore.store(null, null);
} else {
- FileOutputStream fout = null;
- try {
- fout = (nullStream ?
- (FileOutputStream)null :
- new FileOutputStream(ksfname));
- keyStore.store
- (fout,
- (storePassNew!=null) ? storePassNew : storePass);
- } finally {
- if (fout != null) {
- fout.close();
+ char[] pass = (storePassNew!=null) ? storePassNew : storePass;
+ if (nullStream) {
+ keyStore.store(null, pass);
+ } else {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ keyStore.store(bout, pass);
+ try (FileOutputStream fout = new FileOutputStream(ksfname)) {
+ fout.write(bout.toByteArray());
}
}
}
@@ -1399,7 +1396,7 @@
private char[] promptForKeyPass(String alias, String orig, char[] origPass) throws Exception{
if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
return origPass;
- } else if (!token) {
+ } else if (!token && !protectedPath) {
// Prompt for key password
int count;
for (count = 0; count < 3; count++) {
@@ -1446,7 +1443,7 @@
}
}
}
- return null; // PKCS11
+ return null; // PKCS11, MSCAPI, or -protected
}
/**
* Creates a new secret key.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/tools/keytool/trystore.sh Fri Sep 09 11:18:18 2011 +0800
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 7047200
+# @summary keytool can try save to a byte array before overwrite the file
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* )
+ FS="\\"
+ ;;
+ * )
+ FS="/"
+ ;;
+esac
+
+rm trystore.jks 2> /dev/null
+
+KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool -storetype jks -keystore trystore.jks"
+$KEYTOOL -genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit
+$KEYTOOL -genkeypair -alias b -dname CN=B -storepass changeit -keypass changeit
+
+# We use -protected for JKS keystore. This is illegal so the command should
+# fail. Then we can check if the keystore is damaged.
+
+$KEYTOOL -genkeypair -protected -alias b -delete -debug
+
+if [ $? = 0 ]; then
+ echo "What? -protected works for JKS?"
+ exit 1
+fi
+
+$KEYTOOL -list -storepass changeit
+
+if [ $? != 0 ]; then
+ echo "Keystore file damaged"
+ exit 2
+fi