changeset 8519:4b2a34270dad

8149411: PKCS12KeyStore cannot extract AES Secret Keys Reviewed-by: xuelei
author vinnie
date Wed, 17 Feb 2016 15:46:46 +0000
parents 0a323edfc379
children 13bdafe86228
files src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java test/sun/security/pkcs12/P12SecretKey.java
diffstat 2 files changed, 91 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Fri Aug 16 16:53:46 2013 +0200
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Wed Feb 17 15:46:46 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -366,19 +366,19 @@
 
             // decode secret key
             } else {
-                SecretKeyFactory sKeyFactory =
-                    SecretKeyFactory.getInstance(keyAlgo);
                 byte[] keyBytes = in.getOctetString();
                 SecretKeySpec secretKeySpec =
                     new SecretKeySpec(keyBytes, keyAlgo);
 
                 // Special handling required for PBE: needs a PBEKeySpec
                 if (keyAlgo.startsWith("PBE")) {
+                    SecretKeyFactory sKeyFactory =
+                        SecretKeyFactory.getInstance(keyAlgo);
                     KeySpec pbeKeySpec =
                         sKeyFactory.getKeySpec(secretKeySpec, PBEKeySpec.class);
                     key = sKeyFactory.generateSecret(pbeKeySpec);
                 } else {
-                    key = sKeyFactory.generateSecret(secretKeySpec);
+                    key = secretKeySpec;
                 }
 
                 if (debug != null) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs12/P12SecretKey.java	Wed Feb 17 15:46:46 2016 +0000
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8149411
+ * @summary Get AES key from keystore (uses SecretKeySpec not SecretKeyFactory)
+ */
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
+public class P12SecretKey {
+
+    private static final String ALIAS = "alias";
+
+    public static void main(String[] args) throws Exception {
+        P12SecretKey testp12 = new P12SecretKey();
+        String keystoreType = "pkcs12";
+        if (args != null && args.length > 0) {
+            keystoreType = args[0];
+        }
+        testp12.run(keystoreType);
+    }
+
+    private void run(String keystoreType) throws Exception {
+        char[] pw = "password".toCharArray();
+        KeyStore ks = KeyStore.getInstance(keystoreType);
+        ks.load(null, pw);
+
+        KeyGenerator kg = KeyGenerator.getInstance("AES");
+        kg.init(128);
+        SecretKey key = kg.generateKey();
+
+        KeyStore.SecretKeyEntry ske = new KeyStore.SecretKeyEntry(key);
+        KeyStore.ProtectionParameter kspp = new KeyStore.PasswordProtection(pw);
+        ks.setEntry(ALIAS, ske, kspp);
+
+        File ksFile = File.createTempFile("test", ".test");
+        try (FileOutputStream fos = new FileOutputStream(ksFile)) {
+            ks.store(fos, pw);
+            fos.flush();
+        }
+
+        // now see if we can get it back
+        try (FileInputStream fis = new FileInputStream(ksFile)) {
+            KeyStore ks2 = KeyStore.getInstance(keystoreType);
+            ks2.load(fis, pw);
+            KeyStore.Entry entry = ks2.getEntry(ALIAS, kspp);
+            SecretKey keyIn = ((KeyStore.SecretKeyEntry)entry).getSecretKey();
+            if (Arrays.equals(key.getEncoded(), keyIn.getEncoded())) {
+                System.err.println("OK: worked just fine with " + keystoreType +
+                                   " keystore");
+            } else {
+                System.err.println("ERROR: keys are NOT equal after storing in "
+                                   + keystoreType + " keystore");
+            }
+        }
+    }
+}