8167371: KeyStoreSpi.engineSetEntry should throw an Exception if password protection alg is specified

Reviewed-by: xuelei, mullan
Vinnie Ryan 2016-10-13 12:37:42 +01:00
parent 410b8c8f8f
commit 02ca9985fc
2 changed files with 50 additions and 2 deletions


@ -479,6 +479,10 @@ public abstract class KeyStoreSpi {
} else if (engineIsKeyEntry(alias)) {
KeyStore.PasswordProtection pp =
(KeyStore.PasswordProtection)protParam;
if (pp.getProtectionAlgorithm() != null) {
throw new KeyStoreException(
"unsupported password protection algorithm");
}
char[] password = pp.getPassword();
Key key = engineGetKey(alias, password);
@ -524,6 +528,10 @@ public abstract class KeyStoreSpi {
KeyStore.PasswordProtection pProtect = null;
if (protParam != null) {
pProtect = (KeyStore.PasswordProtection)protParam;
if (pProtect.getProtectionAlgorithm() != null) {
throw new KeyStoreException(
"unsupported password protection algorithm");
}
}
// set entry
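Review bot: Both new checks throw `"unsupported password protection algorithm"` without naming the algorithm that was requested, so a caller cannot tell from the message which request the keystore refused. In the first hunk the message could be `"unsupported password protection algorithm: " + pp.getProtectionAlgorithm()`, and likewise with `pProtect` in the second hunk; the algorithm name is not secret. A short comment above each check would also record the reason, for example `// the default implementation only uses the password; refuse a requested algorithm rather than ignore it`, since in the first hunk the lines after the check read only `getPassword()`. Both enclosing methods start and end outside the hunks, so whether their Javadoc mentions the new KeyStoreException case cannot be seen here.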


@ -40,7 +40,7 @@ import java.util.Base64;
/*
* @test
* @bug 8048621 8133090
* @bug 8048621 8133090 8167371
* @summary Test basic operations with keystores (jks, jceks, pkcs12)
* @author Yu-Ching Valerie PENG
*/
@ -116,6 +116,8 @@ public class TestKeyStoreBasic {
};
private static final String ALIAS_HEAD = "test";
private static final String CRYPTO_ALG = "PBEWithHmacSHA256AndAES_128";
public static void main(String args[]) throws Exception {
TestKeyStoreBasic jstest = new TestKeyStoreBasic();
jstest.run();
@ -125,7 +127,7 @@ public class TestKeyStoreBasic {
for (String provider : PROVIDERS) {
try {
runTest(provider);
System.out.println("Test with provider " + provider + "passed");
System.out.println("Test with provider " + provider + " passed");
} catch (java.security.KeyStoreException e) {
if (provider.equals("SunPKCS11-Solaris")) {
System.out.println("KeyStoreException is expected: "
@ -236,6 +238,44 @@ public class TestKeyStoreBasic {
// compare the creation date of the 2 key stores for all aliases
compareCreationDate(ks, ks2, numEntries);
// check setEntry/getEntry with a password protection algorithm
if ("PKCS12".equalsIgnoreCase(ks.getType())) {
System.out.println(
"Skipping the setEntry/getEntry check for PKCS12 keystore...");
return;
}
String alias = ALIAS_HEAD + ALIAS_HEAD;
KeyStore.PasswordProtection pw =
new KeyStore.PasswordProtection(PASSWD2, CRYPTO_ALG, null);
KeyStore.PrivateKeyEntry entry =
new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{ cert });
checkSetEntry(ks, alias, pw, entry);
ks.setEntry(alias, entry, new KeyStore.PasswordProtection(PASSWD2));
checkGetEntry(ks, alias, pw);
}
// check setEntry with a password protection algorithm
private void checkSetEntry(KeyStore ks, String alias,
KeyStore.PasswordProtection pw, KeyStore.Entry entry) throws Exception {
try {
ks.setEntry(alias, entry, pw);
throw new Exception(
"ERROR: expected KeyStore.setEntry to throw an exception");
} catch (KeyStoreException e) {
// ignore the expected exception
}
}
// check getEntry with a password protection algorithm
private void checkGetEntry(KeyStore ks, String alias,
KeyStore.PasswordProtection pw) throws Exception {
try {
ks.getEntry(alias, pw);
throw new Exception(
"ERROR: expected KeyStore.getEntry to throw an exception");
} catch (KeyStoreException e) {
// ignore the expected exception
}
}
// check key store type
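Review bot: `checkSetEntry` and `checkGetEntry` accept any `KeyStoreException` as the expected outcome, so the test also passes when the call fails for an unrelated reason, and nothing confirms that the refused `setEntry` left the keystore unchanged. Inside the catch in `checkSetEntry`, a check such as `if (ks.containsAlias(alias)) throw new Exception("ERROR: rejected setEntry still stored " + alias);` would pin that, assuming the alias `ALIAS_HEAD + ALIAS_HEAD` is not created earlier in the test, which is outside the hunk. The early `return` for PKCS12 also silently skips anything later appended to the same method; putting the new checks inside an `if` that excludes PKCS12 would avoid that. The enclosing method starts outside the hunk.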