# HG changeset patch # User vinnie # Date 1444837543 -3600 # Node ID 58de21cbceaf8a5615fb812046ed161cb72a62a4 # Parent 6211b148f8e1f8934da4b9d98c8afaaa2f9f9fd6 8136534: Loading JKS keystore using non-null InputStream results in closed stream Reviewed-by: mullan, wetmore diff -r 6211b148f8e1 -r 58de21cbceaf src/share/classes/sun/security/provider/KeyStoreDelegator.java --- a/src/share/classes/sun/security/provider/KeyStoreDelegator.java Tue Nov 21 08:27:06 2017 +0000 +++ b/src/share/classes/sun/security/provider/KeyStoreDelegator.java Wed Oct 14 16:45:43 2015 +0100 @@ -216,57 +216,55 @@ } else { // First try the primary keystore then try the secondary keystore - try (InputStream bufferedStream = new BufferedInputStream(stream)) { - bufferedStream.mark(Integer.MAX_VALUE); + InputStream bufferedStream = new BufferedInputStream(stream); + bufferedStream.mark(Integer.MAX_VALUE); + try { + keystore = primaryKeyStore.newInstance(); + type = primaryType; + keystore.engineLoad(bufferedStream, password); + + } catch (Exception e) { + + // incorrect password + if (e instanceof IOException && + e.getCause() instanceof UnrecoverableKeyException) { + throw (IOException)e; + } try { - keystore = primaryKeyStore.newInstance(); - type = primaryType; + keystore = secondaryKeyStore.newInstance(); + type = secondaryType; + bufferedStream.reset(); keystore.engineLoad(bufferedStream, password); - } catch (Exception e) { - - // incorrect password - if (e instanceof IOException && - e.getCause() instanceof UnrecoverableKeyException) { - throw (IOException)e; + if (debug != null) { + debug.println("WARNING: switching from " + + primaryType + " to " + secondaryType + + " keystore file format has altered the " + + "keystore security level"); } - try { - keystore = secondaryKeyStore.newInstance(); - type = secondaryType; - bufferedStream.reset(); - keystore.engineLoad(bufferedStream, password); + } catch (InstantiationException | + IllegalAccessException e2) { + // can safely ignore - if (debug != null) { - debug.println("WARNING: switching from " + - primaryType + " to " + secondaryType + - " keystore file format has altered the " + - "keystore security level"); - } - - } catch (InstantiationException | - IllegalAccessException e2) { - // can safely ignore + } catch (IOException | + NoSuchAlgorithmException | + CertificateException e3) { - } catch (IOException | - NoSuchAlgorithmException | - CertificateException e3) { - - // incorrect password - if (e3 instanceof IOException && - e3.getCause() instanceof - UnrecoverableKeyException) { - throw (IOException)e3; - } - // rethrow the outer exception - if (e instanceof IOException) { - throw (IOException)e; - } else if (e instanceof CertificateException) { - throw (CertificateException)e; - } else if (e instanceof NoSuchAlgorithmException) { - throw (NoSuchAlgorithmException)e; - } + // incorrect password + if (e3 instanceof IOException && + e3.getCause() instanceof + UnrecoverableKeyException) { + throw (IOException)e3; + } + // rethrow the outer exception + if (e instanceof IOException) { + throw (IOException)e; + } else if (e instanceof CertificateException) { + throw (CertificateException)e; + } else if (e instanceof NoSuchAlgorithmException) { + throw (NoSuchAlgorithmException)e; } } } diff -r 6211b148f8e1 -r 58de21cbceaf test/java/security/KeyStore/CheckInputStream.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/KeyStore/CheckInputStream.java Wed Oct 14 16:45:43 2015 +0100 @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8136534 + * @summary The input stream supplied to KeyStore.load should remain open. + */ + +import java.io.*; +import java.security.*; + +public class CheckInputStream { + private final static String DIR = System.getProperty("test.src", "."); + private static final char[] PASSWORD = "passphrase".toCharArray(); + private static final String KEYSTORE = DIR + "/keystore.jks"; + + public static final void main(String[] args) throws Exception { + + KeyStore keystore = KeyStore.getInstance("JKS"); + try (FileInputStream inStream = new FileInputStream(KEYSTORE)) { + System.out.println("Loading JKS keystore: " + KEYSTORE); + keystore.load(inStream, PASSWORD); + // check that the stream is still open + inStream.available(); + System.out.println("OK"); + } + } +}