# HG changeset patch # User vinnie # Date 1442595268 -3600 # Node ID a58579b3e84504be7d0257b1dd488c3d6a940b15 # Parent db2f9bbb40f6fbd4c29baf01fb1e10c2af3f5c6d 8136534: Loading JKS keystore using non-null InputStream results in closed stream Reviewed-by: mullan, wetmore diff -r db2f9bbb40f6 -r a58579b3e845 src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java --- a/src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java Thu Sep 17 22:46:04 2015 -0400 +++ b/src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java Fri Sep 18 17:54:28 2015 +0100 @@ -210,62 +210,60 @@ } else { // First try the primary keystore then try the secondary keystore - try (InputStream bufferedStream = new BufferedInputStream(stream)) { - bufferedStream.mark(Integer.MAX_VALUE); + InputStream bufferedStream = new BufferedInputStream(stream); + bufferedStream.mark(Integer.MAX_VALUE); + + try { + keystore = primaryKeyStore.newInstance(); + type = primaryType; + keystore.engineLoad(bufferedStream, password); + + } catch (Exception e) { + + // incorrect password + if (e instanceof IOException && + e.getCause() instanceof UnrecoverableKeyException) { + throw (IOException)e; + } try { - keystore = primaryKeyStore.newInstance(); - type = primaryType; - keystore.engineLoad(bufferedStream, password); - - } catch (Exception e) { - - // incorrect password - if (e instanceof IOException && - e.getCause() instanceof UnrecoverableKeyException) { - throw (IOException)e; + // Ignore secondary keystore when no compatibility mode + if (!compatModeEnabled) { + throw e; } - try { - // Ignore secondary keystore when no compatibility mode - if (!compatModeEnabled) { - throw e; - } + keystore = secondaryKeyStore.newInstance(); + type = secondaryType; + bufferedStream.reset(); + keystore.engineLoad(bufferedStream, password); - keystore = secondaryKeyStore.newInstance(); - type = secondaryType; - bufferedStream.reset(); - keystore.engineLoad(bufferedStream, password); + if (debug != null) { + debug.println("WARNING: switching from " + + primaryType + " to " + secondaryType + + " keystore file format has altered the " + + "keystore security level"); + } - if (debug != null) { - debug.println("WARNING: switching from " + - primaryType + " to " + secondaryType + - " keystore file format has altered the " + - "keystore security level"); - } + } catch (InstantiationException | + IllegalAccessException e2) { + // can safely ignore - } catch (InstantiationException | - IllegalAccessException e2) { - // can safely ignore - - } catch (IOException | - NoSuchAlgorithmException | - CertificateException e3) { + } catch (IOException | + NoSuchAlgorithmException | + CertificateException e3) { - // incorrect password - if (e3 instanceof IOException && - e3.getCause() instanceof - UnrecoverableKeyException) { - throw (IOException)e3; - } - // rethrow the outer exception - if (e instanceof IOException) { - throw (IOException)e; - } else if (e instanceof CertificateException) { - throw (CertificateException)e; - } else if (e instanceof NoSuchAlgorithmException) { - throw (NoSuchAlgorithmException)e; - } + // incorrect password + if (e3 instanceof IOException && + e3.getCause() instanceof UnrecoverableKeyException) { + throw (IOException)e3; + } + // rethrow the outer exception + if (e instanceof IOException) { + throw (IOException)e; + } else if (e instanceof CertificateException) { + throw (CertificateException)e; + } else if (e instanceof NoSuchAlgorithmException) { + throw (NoSuchAlgorithmException)e; } } } diff -r db2f9bbb40f6 -r a58579b3e845 test/java/security/KeyStore/CheckInputStream.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/KeyStore/CheckInputStream.java Fri Sep 18 17:54:28 2015 +0100 @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8136534 + * @summary The input stream supplied to KeyStore.load should remain open. + */ + +import java.io.*; +import java.security.*; + +public class CheckInputStream { + private final static String DIR = System.getProperty("test.src", "."); + private static final char[] PASSWORD = "passphrase".toCharArray(); + private static final String KEYSTORE = DIR + "/keystore.jks"; + + public static final void main(String[] args) throws Exception { + + KeyStore keystore = KeyStore.getInstance("JKS"); + try (FileInputStream inStream = new FileInputStream(KEYSTORE)) { + System.out.println("Loading JKS keystore: " + KEYSTORE); + keystore.load(inStream, PASSWORD); + // check that the stream is still open + inStream.available(); + System.out.println("OK"); + } + } +}