changeset 48516:953eca1167b6

8194307: KeyStore#getInstance with custom LoadStoreParameter succeeds with invalid password Reviewed-by: weijun, vinnie
author mullan
date Fri, 19 Jan 2018 09:49:35 -0500
parents f4e628259d1b
children 48ce4b11bc17
files src/java.base/share/classes/java/security/KeyStore.java src/java.base/share/classes/java/security/KeyStoreSpi.java test/jdk/java/security/KeyStore/ProbeKeystores.java
diffstat 3 files changed, 47 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/java/security/KeyStore.java	Thu Jan 18 16:15:16 2018 -0800
+++ b/src/java.base/share/classes/java/security/KeyStore.java	Fri Jan 19 09:49:35 2018 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1802,11 +1802,11 @@
 
             // Load the keystore data
             if (keystore != null) {
+                dataStream.reset(); // prepare the stream for loading
                 if (hasPassword) {
-                    dataStream.reset(); // prepare the stream for loading
                     keystore.load(dataStream, password);
                 } else {
-                    keystore.load(param);
+                    keystore.keyStoreSpi.engineLoad(dataStream, param);
                 }
                 return keystore;
             }
--- a/src/java.base/share/classes/java/security/KeyStoreSpi.java	Thu Jan 18 16:15:16 2018 -0800
+++ b/src/java.base/share/classes/java/security/KeyStoreSpi.java	Fri Jan 19 09:49:35 2018 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -395,6 +395,12 @@
     public void engineLoad(KeyStore.LoadStoreParameter param)
                 throws IOException, NoSuchAlgorithmException,
                 CertificateException {
+        engineLoad(null, param);
+    }
+
+    void engineLoad(InputStream stream, KeyStore.LoadStoreParameter param)
+                throws IOException, NoSuchAlgorithmException,
+                CertificateException {
 
         if (param == null) {
             engineLoad((InputStream)null, (char[])null);
@@ -425,7 +431,7 @@
             throw new NoSuchAlgorithmException("ProtectionParameter must"
                 + " be PasswordProtection or CallbackHandlerProtection");
         }
-        engineLoad(null, password);
+        engineLoad(stream, password);
         return;
     }
 
--- a/test/jdk/java/security/KeyStore/ProbeKeystores.java	Thu Jan 18 16:15:16 2018 -0800
+++ b/test/jdk/java/security/KeyStore/ProbeKeystores.java	Fri Jan 19 09:49:35 2018 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8044445
+ * @bug 8044445 8194307
  * @summary test new methods from JEP-229: Create PKCS12 Keystores by Default
  */
 
@@ -37,9 +37,26 @@
 public class ProbeKeystores {
     private static final char[] PASSWORD = "changeit".toCharArray();
     private static final char[] BAD_PASSWORD = "badpasword".toCharArray();
+    private static final LoadStoreParameter LOAD_STORE_PARAM =
+        new MyLoadStoreParameter(new PasswordProtection(PASSWORD));
+    private static final LoadStoreParameter BAD_LOAD_STORE_PARAM =
+        new MyLoadStoreParameter(new PasswordProtection(BAD_PASSWORD));
     private static final String DIR = System.getProperty("test.src", ".");
     private static final String CERT_FILE = "trusted.pem";
 
+    private static class MyLoadStoreParameter implements LoadStoreParameter {
+
+        private ProtectionParameter protection;
+
+        MyLoadStoreParameter(ProtectionParameter protection) {
+            this.protection = protection;
+        }
+
+        public ProtectionParameter getProtectionParameter() {
+            return protection;
+        }
+    }
+
     public static final void main(String[] args) throws Exception {
 
         // Testing empty keystores
@@ -173,6 +190,23 @@
         } catch (IOException e) {
             System.out.println("Failed to load a " + type + " keystore named '" + file + "' (as expected)");
         }
+
+        // Now try with the correct password within a LoadStoreParameter
+        ks = KeyStore.getInstance(new File(file), LOAD_STORE_PARAM);
+        if (!type.equalsIgnoreCase(ks.getType())) {
+            throw new Exception("ERROR: expected a " + type + " keystore, " +
+                "got a " + ks.getType() + " keystore instead");
+        } else {
+            System.out.println("Probed a " + type + " keystore named '" + file + "'");
+        }
+
+        // Next try with an incorrect password within a LoadStoreParameter
+        try {
+            ks = KeyStore.getInstance(new File(file), BAD_LOAD_STORE_PARAM);
+            throw new Exception("ERROR: expected an exception but got success");
+        } catch (IOException e) {
+            System.out.println("Failed to load a " + type + " keystore named '" + file + "' (as expected)");
+        }
     }
 
     // Instantiate a keystore by probing the supplied file for the keystore type