changeset 13185:1b3f2bacaf3f

8192987: keytool should remember real storetype if it is not provided Reviewed-by: mullan
author igerasim
date Wed, 03 Jan 2018 00:46:54 -0800
parents 36b0a61bfcc2
children 70a653814e61
files src/share/classes/sun/security/tools/KeyStoreUtil.java src/share/classes/sun/security/tools/keytool/Main.java test/sun/security/tools/keytool/RealType.java
diffstat 3 files changed, 78 insertions(+), 20 deletions(-) [+]
--- a/src/share/classes/sun/security/tools/KeyStoreUtil.java	Mon Jan 22 13:29:52 2018 -0800
+++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java	Wed Jan 03 00:46:54 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,8 +63,9 @@
      * MSCAPI KeyStores
      */
     public static boolean isWindowsKeyStore(String storetype) {
-        return storetype.equalsIgnoreCase("Windows-MY")
-                || storetype.equalsIgnoreCase("Windows-ROOT");
+        return storetype != null
+                && (storetype.equalsIgnoreCase("Windows-MY")
+                    || storetype.equalsIgnoreCase("Windows-ROOT"));
     }
 
     /**
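Review bot: The Javadoc for isWindowsKeyStore does not say that a null storetype is now accepted and yields false. The call in doCommands relies on this once the early defaulting is removed, because `storetype` can still be null when `KeyStoreUtil.isWindowsKeyStore(storetype)` runs. I would add a line such as `@param storetype keystore type name; may be null, in which case the result is false`. The comment block opens above this hunk, so its current wording is only partly visible.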
--- a/src/share/classes/sun/security/tools/keytool/Main.java	Mon Jan 22 13:29:52 2018 -0800
+++ b/src/share/classes/sun/security/tools/keytool/Main.java	Wed Jan 03 00:46:54 2018 -0800
@@ -462,12 +462,12 @@
                 passwords.add(storePass);
             } else if (collator.compare(flags, "-storetype") == 0 ||
                     collator.compare(flags, "-deststoretype") == 0) {
-                storetype = args[++i];
+                storetype = KeyStoreUtil.niceStoreTypeName(args[++i]);
             } else if (collator.compare(flags, "-srcstorepass") == 0) {
                 srcstorePass = getPass(modifier, args[++i]);
                 passwords.add(srcstorePass);
             } else if (collator.compare(flags, "-srcstoretype") == 0) {
-                srcstoretype = args[++i];
+                srcstoretype = KeyStoreUtil.niceStoreTypeName(args[++i]);
             } else if (collator.compare(flags, "-srckeypass") == 0) {
                 srckeyPass = getPass(modifier, args[++i]);
                 passwords.add(srckeyPass);
@@ -592,16 +592,6 @@
      * Execute the commands.
      */
     void doCommands(PrintStream out) throws Exception {
-        if (storetype == null) {
-            storetype = KeyStore.getDefaultType();
-        }
-        storetype = KeyStoreUtil.niceStoreTypeName(storetype);
-
-        if (srcstoretype == null) {
-            srcstoretype = KeyStore.getDefaultType();
-        }
-        srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype);
-
         if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
                 KeyStoreUtil.isWindowsKeyStore(storetype)) {
             token = true;
@@ -626,11 +616,6 @@
                         (".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), storetype));
         }
 
-        if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) {
-            throw new UnsupportedOperationException(rb.getString
-                        (".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
-        }
-
         if (token && (keyPass != null || newPass != null || destKeyPass != null)) {
             throw new IllegalArgumentException(MessageFormat.format(rb.getString
                 (".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), storetype));
@@ -802,6 +787,9 @@
         }
 
         // Create new keystore
+        if (storetype == null) {
+            storetype = KeyStore.getDefaultType();
+        }
         if (providerName == null) {
             keyStore = KeyStore.getInstance(storetype);
         } else {
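Review bot: The default type assigned here is no longer passed through KeyStoreUtil.niceStoreTypeName, whereas the block removed from the top of doCommands normalised the default as well as the command-line value. If the configured default type is spelled in a non-canonical form, `storetype` now keeps that spelling in later messages and comparisons; whether any of those are case-sensitive is not visible in these hunks. Consider `storetype = KeyStoreUtil.niceStoreTypeName(KeyStore.getDefaultType());`, and the same for `srcstoretype` in the @@ -2014 hunk. The enclosing code continues outside this hunk.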
@@ -839,6 +827,11 @@
             }
         }
 
+        if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) {
+            throw new UnsupportedOperationException(rb.getString
+                    (".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
+        }
+
         // All commands that create or modify the keystore require a keystore
         // password.
 
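Review bot: The relocated PKCS12 / -keypasswd check has no comment explaining why it now sits after keystore creation, and it still tests the `storetype` string rather than anything read from the loaded keystore. From the visible hunks, `storetype` at this point is either the -storetype argument or KeyStore.getDefaultType(). If the lines between the two hunks do not update it from the loaded store, a PKCS12 file opened under another type name would not reach this guard. I would add `// storetype may be null until the keystore is instantiated above, so this check cannot run earlier` and confirm which value the guard is meant to see. The surrounding method body lies outside the hunk.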
@@ -2014,6 +2007,9 @@
 
         KeyStore store;
         try {
+            if (srcstoretype == null) {
+                srcstoretype = KeyStore.getDefaultType();
+            }
             if (srcProviderName == null) {
                 store = KeyStore.getInstance(srcstoretype);
             } else {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/keytool/RealType.java	Wed Jan 03 00:46:54 2018 -0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8192987
+ * @summary keytool should remember real storetype if it is not provided
+ * @library /lib/testlibrary
+ * @run main/othervm RealType
+ */
+
+import jdk.testlibrary.SecurityTools;
+import jdk.testlibrary.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class RealType {
+
+    public static void main(String[] args) throws Throwable {
+
+        kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype jks")
+                .shouldHaveExitValue(0);
+
+        // -keypasswd command should be allowed on JKS
+        kt("-keypasswd -alias a -new t0ps3cr3t")
+                .shouldHaveExitValue(0);
+
+        Files.delete(Paths.get("ks"));
+
+        kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype pkcs12")
+                .shouldHaveExitValue(0);
+
+        // A pkcs12 keystore cannot be loaded as a JCEKS keystore
+        kt("-list -storetype jceks").shouldHaveExitValue(1);
+    }
+
+    static OutputAnalyzer kt(String arg) throws Exception {
+        return SecurityTools.keytool("-debug -keystore ks -storepass changeit " + arg);
+    }
+}
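Review bot: The negative case `kt("-list -storetype jceks").shouldHaveExitValue(1)` passes on any keytool failure, so it does not pin the failure to the store-type mismatch. An additional assertion on the expected error text from the returned OutputAnalyzer would make the test fail only for the intended reason. There is also no case that runs -keypasswd against the pkcs12 keystore with -storetype omitted, which appears to be the path the relocated guard in Main.java affects. A short comment on `main` describing the two scenarios would make the intent clearer.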