1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8218553: Enhance keystore load debug output

Browse Source 
Reviewed-by: weijun
This commit is contained in:
Sean Coffey 2019-02-07 12:09:17 +00:00
parent 208c58c862
commit 63663b64d1
6 changed files with 52 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/java.base/macosx/classes/apple/security/KeychainStore.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -102,6 +102,8 @@ public final class KeychainStore extends KeyStoreSpi {
private static final int iterationCount = 1024; private static final int iterationCount = 1024;
private static final int SALT_LEN = 20; private static final int SALT_LEN = 20;
private static final Debug debug = Debug.getInstance("keystore");
static { static {
AccessController.doPrivileged( AccessController.doPrivileged(
new PrivilegedAction<Void>() { new PrivilegedAction<Void>() {
@ -773,6 +775,10 @@ public final class KeychainStore extends KeyStoreSpi {
entries.clear(); entries.clear();
_scanKeychain(); _scanKeychain();
if (debug != null) {
debug.println("KeychainStore load entry count: " +
entries.size());
}
} }
} }

22
src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.crypto.provider; package com.sun.crypto.provider;
import sun.security.util.Debug;
import java.io.*; import java.io.*;
import java.util.*; import java.util.*;
import java.security.AccessController; import java.security.AccessController;
@ -59,6 +61,7 @@ import javax.crypto.SealedObject;
public final class JceKeyStore extends KeyStoreSpi { public final class JceKeyStore extends KeyStoreSpi {
private static final Debug debug = Debug.getInstance("keystore");
private static final int JCEKS_MAGIC = 0xcececece; private static final int JCEKS_MAGIC = 0xcececece;
private static final int JKS_MAGIC = 0xfeedfeed; private static final int JKS_MAGIC = 0xfeedfeed;
private static final int VERSION_1 = 0x01; private static final int VERSION_1 = 0x01;
@ -680,6 +683,7 @@ public final class JceKeyStore extends KeyStoreSpi {
Hashtable<String, CertificateFactory> cfs = null; Hashtable<String, CertificateFactory> cfs = null;
ByteArrayInputStream bais = null; ByteArrayInputStream bais = null;
byte[] encoded = null; byte[] encoded = null;
int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0;
if (stream == null) if (stream == null)
return; return;
@ -726,7 +730,7 @@ public final class JceKeyStore extends KeyStoreSpi {
tag = dis.readInt(); tag = dis.readInt();
if (tag == 1) { // private-key entry if (tag == 1) { // private-key entry
privateKeyCount++;
PrivateKeyEntry entry = new PrivateKeyEntry(); PrivateKeyEntry entry = new PrivateKeyEntry();
// read the alias // read the alias
@ -786,7 +790,7 @@ public final class JceKeyStore extends KeyStoreSpi {
entries.put(alias, entry); entries.put(alias, entry);
} else if (tag == 2) { // trusted certificate entry } else if (tag == 2) { // trusted certificate entry
trustedKeyCount++;
TrustedCertEntry entry = new TrustedCertEntry(); TrustedCertEntry entry = new TrustedCertEntry();
// read the alias // read the alias
@ -825,7 +829,7 @@ public final class JceKeyStore extends KeyStoreSpi {
entries.put(alias, entry); entries.put(alias, entry);
} else if (tag == 3) { // secret-key entry } else if (tag == 3) { // secret-key entry
secretKeyCount++;
SecretKeyEntry entry = new SecretKeyEntry(); SecretKeyEntry entry = new SecretKeyEntry();
// read the alias // read the alias
@ -858,10 +862,18 @@ public final class JceKeyStore extends KeyStoreSpi {
entries.put(alias, entry); entries.put(alias, entry);
} else { } else {
throw new IOException("Unrecognized keystore entry"); throw new IOException("Unrecognized keystore entry: " +
tag);
} }
} }
if (debug != null) {
debug.println("JceKeyStore load: private key count: " +
privateKeyCount + ". trusted key count: " +
trustedKeyCount + ". secret key count: " +
secretKeyCount);
}
/* /*
* If a password has been provided, we check the keyed digest * If a password has been provided, we check the keyed digest
* at the end. If this check fails, the store has been tampered * at the end. If this check fails, the store has been tampered

15
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
View File

@ -2231,18 +2231,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
} }
if (debug != null) { if (debug != null) {
if (privateKeyCount > 0) { debug.println("PKCS12KeyStore load: private key count: " +
debug.println("Loaded " + privateKeyCount + privateKeyCount + ". secret key count: " + secretKeyCount +
" protected private key(s)"); ". certificate count: " + certificateCount);
}
if (secretKeyCount > 0) {
debug.println("Loaded " + secretKeyCount +
" protected secret key(s)");
}
if (certificateCount > 0) {
debug.println("Loaded " + certificateCount +
" certificate(s)");
}
} }
certEntries.clear(); certEntries.clear();

17
src/java.base/share/classes/sun/security/provider/JavaKeyStore.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -34,6 +34,7 @@ import java.util.*;
import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.pkcs12.PKCS12KeyStore; import sun.security.pkcs12.PKCS12KeyStore;
import sun.security.util.Debug;
import sun.security.util.IOUtils; import sun.security.util.IOUtils;
import sun.security.util.KeyStoreDelegator; import sun.security.util.KeyStoreDelegator;
@ -74,6 +75,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
} }
} }
private static final Debug debug = Debug.getInstance("keystore");
private static final int MAGIC = 0xfeedfeed; private static final int MAGIC = 0xfeedfeed;
private static final int VERSION_1 = 0x01; private static final int VERSION_1 = 0x01;
private static final int VERSION_2 = 0x02; private static final int VERSION_2 = 0x02;
@ -643,6 +645,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
Hashtable<String, CertificateFactory> cfs = null; Hashtable<String, CertificateFactory> cfs = null;
ByteArrayInputStream bais = null; ByteArrayInputStream bais = null;
byte[] encoded = null; byte[] encoded = null;
int trustedKeyCount = 0, privateKeyCount = 0;
if (stream == null) if (stream == null)
return; return;
@ -681,7 +684,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
tag = dis.readInt(); tag = dis.readInt();
if (tag == 1) { // private key entry if (tag == 1) { // private key entry
privateKeyCount++;
KeyEntry entry = new KeyEntry(); KeyEntry entry = new KeyEntry();
// Read the alias // Read the alias
@ -730,7 +733,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
entries.put(alias, entry); entries.put(alias, entry);
} else if (tag == 2) { // trusted certificate entry } else if (tag == 2) { // trusted certificate entry
trustedKeyCount++;
TrustedCertEntry entry = new TrustedCertEntry(); TrustedCertEntry entry = new TrustedCertEntry();
// Read the alias // Read the alias
@ -765,10 +768,16 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
entries.put(alias, entry); entries.put(alias, entry);
} else { } else {
throw new IOException("Unrecognized keystore entry"); throw new IOException("Unrecognized keystore entry: " +
tag);
} }
} }
if (debug != null) {
debug.println("JavaKeyStore load: private key count: " +
privateKeyCount + ". trusted key count: " + trustedKeyCount);
}
/* /*
* If a password has been provided, we check the keyed digest * If a password has been provided, we check the keyed digest
* at the end. If this check fails, the store has been tampered * at the end. If this check fails, the store has been tampered

4
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -772,6 +772,8 @@ final class P11KeyStore extends KeyStoreSpi {
} }
if (debug != null) { if (debug != null) {
dumpTokenMap(); dumpTokenMap();
debug.println("P11KeyStore load. Entry count: " +
aliasMap.size());
} }
} catch (KeyStoreException | PKCS11Exception e) { } catch (KeyStoreException | PKCS11Exception e) {
throw new IOException("load failed", e); throw new IOException("load failed", e);

10
src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -45,6 +45,8 @@ import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateCrtKey; import java.security.interfaces.RSAPrivateCrtKey;
import java.util.*; import java.util.*;
import sun.security.util.Debug;
/** /**
* Implementation of key store for Windows using the Microsoft Crypto API. * Implementation of key store for Windows using the Microsoft Crypto API.
* *
@ -180,6 +182,7 @@ abstract class CKeyStore extends KeyStoreSpi {
private static final String KEYSTORE_COMPATIBILITY_MODE_PROP = private static final String KEYSTORE_COMPATIBILITY_MODE_PROP =
"sun.security.mscapi.keyStoreCompatibilityMode"; "sun.security.mscapi.keyStoreCompatibilityMode";
private final boolean keyStoreCompatibilityMode; private final boolean keyStoreCompatibilityMode;
private static final Debug debug = Debug.getInstance("keystore");
/* /*
* The keystore entries. * The keystore entries.
@ -710,6 +713,11 @@ abstract class CKeyStore extends KeyStoreSpi {
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
throw new IOException(e); throw new IOException(e);
} }
if (debug != null) {
debug.println("MSCAPI keystore load: entry count: " +
entries.size());
}
} }
/** /**