changeset 8794:ce5ccb4e7938

8007483: attributes are ignored when loading keys from a PKCS12 keystore
Reviewed-by: mullan
author vinnie
date Tue, 21 Nov 2017 07:53:28 +0000
parents c92db09aed60
children a14bda2aebcf
files src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java test/sun/security/pkcs12/StorePasswordTest.java
diffstat 2 files changed, 25 insertions(+), 3 deletions(-) [+]
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue Nov 21 07:37:02 2017 +0000
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue Nov 21 07:53:28 2017 +0000
@@ -1048,7 +1048,7 @@
         if (privateKeyCount > 0 || secretKeyCount > 0) {
 
             if (debug != null) {
-                debug.println("Storing " + privateKeyCount +
+                debug.println("Storing " + (privateKeyCount + secretKeyCount) +
                     " protected key(s) in a PKCS#7 data content-type");
             }
 
@@ -2076,6 +2076,7 @@
                 SecretKeyEntry kEntry = new SecretKeyEntry();
                 kEntry.protectedSecretKey = secretValue.getOctetString();
                 bagItem = kEntry;
+                secretKeyCount++;
             } else {
 
                 if (debug != null) {
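Review bot: The new `secretKeyCount++` in the secret-key branch has no comment saying why a load path now updates a counter, and the commit title only mentions attributes. The first hunk shows the counter gating the store path (`privateKeyCount > 0 || secretKeyCount > 0`), so a short comment such as `// count loaded secret keys so a later store still writes the protected-key content` would record the intent. Whether the counter is reset at the start of each load is not visible here; if it is not, loading twice into the same instance would inflate the count reported in the debug message. The enclosing method starts and ends outside the hunk.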
@@ -2175,6 +2176,10 @@
                 if (bagItem instanceof PrivateKeyEntry) {
                     keyList.add((PrivateKeyEntry) entry);
                 }
+                if (entry.attributes == null) {
+                    entry.attributes = new HashSet<>();
+                }
+                entry.attributes.addAll(attributes);
                 if (alias == null) {
                    alias = getUnfriendlyName();
                 }
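Review bot: `entry.attributes.addAll(attributes)` dereferences `attributes` without a guard, while the lines just above it treat `entry.attributes` as possibly null. The declaration of `attributes` is outside the hunk, so this may already be safe; if it can be null for a bag that carries no attributes, loading such a keystore would fail with a NullPointerException, and `if (attributes != null) { entry.attributes.addAll(attributes); }` would cover it. A one-line comment is also worth adding, for example `// keep every bag attribute parsed from the file on the entry, not just the alias and key id`, because these values come straight from the keystore file and are now exposed to callers through the entry. The enclosing loop continues outside the hunk.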
--- a/test/sun/security/pkcs12/StorePasswordTest.java	Tue Nov 21 07:37:02 2017 +0000
+++ b/test/sun/security/pkcs12/StorePasswordTest.java	Tue Nov 21 07:53:28 2017 +0000
@@ -25,6 +25,7 @@
  * @test
  * @bug 8005408
  * @summary KeyStore API enhancements
+ * @compile -XDignore.symbol.file StorePasswordTest.java
  */
 
 import java.io.*;
@@ -34,6 +35,10 @@
 import javax.crypto.spec.*;
 import java.security.spec.InvalidKeySpecException;
 
+import sun.misc.JavaSecurityKeyStoreAccess;
+import sun.misc.SharedSecrets;
+import sun.security.pkcs12.PKCS12Attribute;
+
 // Store a password in a keystore and retrieve it again.
 
 public class StorePasswordTest {
@@ -51,8 +56,14 @@
         keystore.load(null, null);
 
         // Set entry
+        Set<PKCS12Attribute> attrs = new HashSet<>();
+        attrs.add(new PKCS12Attribute("1.3.5.7.9", "printable1"));
+        attrs.add(new PKCS12Attribute("2.4.6.8.10", "1F:2F:3F:4F:5F"));
+        int originalAttrCount = attrs.size() + 2;
+        JavaSecurityKeyStoreAccess jsksa =
+            SharedSecrets.getJavaSecurityKeyStoreAccess();
         keystore.setEntry(ALIAS,
-            new KeyStore.SecretKeyEntry(convertPassword(USER_PASSWORD)),
+            jsksa.constructSecretKeyEntry(convertPassword(USER_PASSWORD), attrs),
                 new KeyStore.PasswordProtection(PASSWORD));
 
         try (FileOutputStream outStream = new FileOutputStream(KEYSTORE)) {
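Review bot: `int originalAttrCount = attrs.size() + 2;` uses an unexplained constant, so a reader cannot tell which two extra attributes the test expects back. Presumably they are the ones the keystore adds on its own when storing an entry (alias and key identifier), but that is not stated in the hunk. A comment on that line, for example `// plus the two attributes the PKCS12 keystore adds itself on store`, naming them explicitly, would make a later failure of the count check much easier to diagnose.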
@@ -69,7 +80,13 @@
 
         KeyStore.Entry entry = keystore.getEntry(ALIAS,
             new KeyStore.PasswordProtection(PASSWORD));
-        System.out.println("Retrieved entry: " + entry);
+        int attrCount =
+            jsksa.getSecretKeyEntryAttributes((KeyStore.SecretKeyEntry) entry).size();
+        System.out.println("Retrieved entry with " + attrCount + " attrs: " +
+            entry);
+        if (attrCount != originalAttrCount) {
+            throw new Exception("Failed to recover all the entry attributes");
+        }
 
         SecretKey key = (SecretKey) keystore.getKey(ALIAS, PASSWORD);
         SecretKeyFactory factory =
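Review bot: The new check compares only `attrCount` with `originalAttrCount`, so it would still pass if the load path returned the right number of attributes with wrong names or values. Since the bug being fixed is about attributes being dropped on load, the test should also assert that the two attributes it stored come back, for example `if (!jsksa.getSecretKeyEntryAttributes((KeyStore.SecretKeyEntry) entry).containsAll(attrs)) throw new Exception("Stored attributes were not recovered");`, assuming `PKCS12Attribute` defines value equality. Including `attrCount` and `originalAttrCount` in the existing exception message would also help when the check fails.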