changeset 8794:ce5ccb4e7938
8007483: attributes are ignored when loading keys from a PKCS12 keystore
Reviewed-by: mullan
author | vinnie |
---|---|
date | Tue, 21 Nov 2017 07:53:28 +0000 |
parents | c92db09aed60 |
children | a14bda2aebcf |
files | src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java test/sun/security/pkcs12/StorePasswordTest.java |
diffstat | 2 files changed, 25 insertions(+), 3 deletions(-) [+] |
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Tue Nov 21 07:37:02 2017 +0000
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Tue Nov 21 07:53:28 2017 +0000
@@ -1048,7 +1048,7 @@
 if (privateKeyCount > 0 || secretKeyCount > 0) {
 if (debug != null) {
- debug.println("Storing " + privateKeyCount +
+ debug.println("Storing " + (privateKeyCount + secretKeyCount) +
 " protected key(s) in a PKCS#7 data content-type");
 }
@@ -2076,6 +2076,7 @@
 SecretKeyEntry kEntry = new SecretKeyEntry();
 kEntry.protectedSecretKey = secretValue.getOctetString();
 bagItem = kEntry;
+ secretKeyCount++;
 } else {
 if (debug != null) {
@@ -2175,6 +2176,10 @@
 if (bagItem instanceof PrivateKeyEntry) {
 keyList.add((PrivateKeyEntry) entry);
 }
+ if (entry.attributes == null) {
+ entry.attributes = new HashSet<>();
+ }
+ entry.attributes.addAll(attributes);
 if (alias == null) {
 alias = getUnfriendlyName();
 }
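Review bot: The `secretKeyCount++` added in the secret-key bag branch is not exercised by the test in this commit, as far as its visible hunks show: StorePasswordTest sets an entry, stores it and reads it back, but never stores a keystore that was populated by loading. That is the path where the counter matters, because the first hunk shows the store code writing protected keys only when `privateKeyCount > 0 || secretKeyCount > 0`. A second store-and-reload step after the load would pin it. The enclosing method starts and ends outside the hunk.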
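Review bot: The four lines added after `keyList.add((PrivateKeyEntry) entry);` carry no comment saying why the parsed bag attributes are merged into the entry, although that merge is the fix named in the commit title. I would add `// Keep the attributes parsed from this bag on the entry so they are not dropped on load` above `if (entry.attributes == null) {`. `attributes` is declared outside this hunk; if it can be null for a bag that has no attribute set, `addAll` would throw, so that declaration is worth checking. The enclosing method starts and ends outside the hunk.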
--- a/test/sun/security/pkcs12/StorePasswordTest.java Tue Nov 21 07:37:02 2017 +0000
+++ b/test/sun/security/pkcs12/StorePasswordTest.java Tue Nov 21 07:53:28 2017 +0000
@@ -25,6 +25,7 @@
 * @test
 * @bug 8005408
 * @summary KeyStore API enhancements
+ * @compile -XDignore.symbol.file StorePasswordTest.java
 */
 import java.io.*;
@@ -34,6 +35,10 @@
 import javax.crypto.spec.*;
 import java.security.spec.InvalidKeySpecException;
+import sun.misc.JavaSecurityKeyStoreAccess;
+import sun.misc.SharedSecrets;
+import sun.security.pkcs12.PKCS12Attribute;
+
 // Store a password in a keystore and retrieve it again.
 public class StorePasswordTest {
@@ -51,8 +56,14 @@
 keystore.load(null, null);
 // Set entry
+ Set<PKCS12Attribute> attrs = new HashSet<>();
+ attrs.add(new PKCS12Attribute("1.3.5.7.9", "printable1"));
+ attrs.add(new PKCS12Attribute("2.4.6.8.10", "1F:2F:3F:4F:5F"));
+ int originalAttrCount = attrs.size() + 2;
+ JavaSecurityKeyStoreAccess jsksa =
+ SharedSecrets.getJavaSecurityKeyStoreAccess();
 keystore.setEntry(ALIAS,
- new KeyStore.SecretKeyEntry(convertPassword(USER_PASSWORD)),
+ jsksa.constructSecretKeyEntry(convertPassword(USER_PASSWORD), attrs),
 new KeyStore.PasswordProtection(PASSWORD));
 try (FileOutputStream outStream = new FileOutputStream(KEYSTORE)) {
@@ -69,7 +80,13 @@
 KeyStore.Entry entry = keystore.getEntry(ALIAS,
 new KeyStore.PasswordProtection(PASSWORD));
- System.out.println("Retrieved entry: " + entry);
+ int attrCount =
+ jsksa.getSecretKeyEntryAttributes((KeyStore.SecretKeyEntry) entry).size();
+ System.out.println("Retrieved entry with " + attrCount + " attrs: " +
+ entry);
+ if (attrCount != originalAttrCount) {
+ throw new Exception("Failed to recover all the entry attributes");
+ }
 SecretKey key = (SecretKey) keystore.getKey(ALIAS, PASSWORD);
 SecretKeyFactory factory =
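Review bot: The `@bug` tag in the test header still lists only 8005408, although the test now also checks the fix for 8007483 named in the commit title; `* @bug 8005408 8007483` would keep the test traceable to both. The added `@compile -XDignore.symbol.file` line would also benefit from a word on why it is needed, which the `sun.misc` and `sun.security.pkcs12` imports in the next hunk suggest.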
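Review bot: `int originalAttrCount = attrs.size() + 2;` hard-codes a 2 with no explanation. Presumably it stands for attributes the PKCS12 keystore adds on its own when it stores the entry, but nothing in the test says which ones, so a reader cannot tell whether a changed count is a regression or an intended change. A comment on that line such as `// plus the 2 attributes the keystore adds itself (name them here)` would settle it.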
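Review bot: The new check in the last hunk compares only the number of attributes, so an entry that comes back with the right count but different names or values would still pass. Comparing content, for example `if (!jsksa.getSecretKeyEntryAttributes((KeyStore.SecretKeyEntry) entry).containsAll(attrs))`, would catch that, assuming the returned attributes compare equal to the `PKCS12Attribute` objects set earlier. The exception text would also be more useful with both numbers in it: `"Expected " + originalAttrCount + " attributes, found " + attrCount`.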