8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified #3764

Closed
@@ -933,16 +933,27 @@ void doCommands(PrintStream out) throws Exception {
}
}

// Create new keystore
// Probe for keystore type when filename is available
if (ksfile != null && ksStream != null && providerName == null &&
storetype == null && !inplaceImport) {
keyStore = KeyStore.getInstance(ksfile, storePass);
storetype = keyStore.getType();
!inplaceImport) {
// existing keystore
if (storetype == null) {
// Probe for keystore type when filename is available
keyStore = KeyStore.getInstance(ksfile, storePass);
storetype = keyStore.getType();
} else {
keyStore = KeyStore.getInstance(storetype);
// storePass might be null here, will probably prompt later
keyStore.load(ksStream, storePass);
}
if (storetype.equalsIgnoreCase("pkcs12")) {
isPasswordlessKeyStore = PKCS12KeyStore.isPasswordless(ksfile);
try {
isPasswordlessKeyStore = PKCS12KeyStore.isPasswordless(ksfile);
} catch (IOException ioe) {
// This must be a JKS keystore that's opened as a PKCS12
}
}
} else {
// Create new keystore
if (storetype == null) {
storetype = KeyStore.getDefaultType();
}
@@ -985,11 +996,9 @@ void doCommands(PrintStream out) throws Exception {
if (inplaceImport) {
keyStore.load(null, storePass);
} else {
// both ksStream and storePass could be null
keyStore.load(ksStream, storePass);
}
if (ksStream != null) {
ksStream.close();
}
}
}

@@ -1086,9 +1095,10 @@ && isKeyStoreRelated(command)
if (nullStream) {
keyStore.load(null, storePass);
} else if (ksStream != null) {
ksStream = new FileInputStream(ksfile);
keyStore.load(ksStream, storePass);
ksStream.close();
// Reload with user-provided password
try (FileInputStream fis = new FileInputStream(ksfile)) {
keyStore.load(fis, storePass);
}
}
}
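Review bot: In the new `else` branch of the first hunk, `keyStore.load(ksStream, storePass)` can run with a null `storePass`, and `KeyStore.load` does not check the keystore's integrity when no password is given, so the contents stay unverified until the reload marked `// Reload with user-provided password` in the third hunk; the comment `// storePass might be null here, will probably prompt later` does not say this. I would replace it with `// storePass may be null: this load is not integrity-checked, and the keystore is reloaded once the user supplies a password`. The empty `catch (IOException ioe)` around `PKCS12KeyStore.isPasswordless(ksfile)` also treats every I/O failure as the JKS-opened-as-PKCS12 case; its comment should state that `isPasswordlessKeyStore` is left unchanged, so keytool presumably falls back to prompting. `doCommands` starts and ends outside these hunks, so where `ksStream` is closed after this early load cannot be confirmed from here.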

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@

/*
* @test
* @bug 8192988
* @bug 8192988 8266220
* @summary keytool should support -storepasswd for pkcs12 keystores
* @library /test/lib
* @build jdk.test.lib.SecurityTools
@@ -134,6 +134,21 @@ public static void main(String[] args) throws Exception {
.shouldHaveExitValue(0);

check("jks", "newpass", "newerpass");

// A password-less keystore
ktFull("-keystore nopass -genkeypair -keyalg EC "
+ "-storepass changeit -alias no -dname CN=no "
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE "
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE")
.shouldHaveExitValue(0);

ktFull("-keystore nopass -list")
.shouldHaveExitValue(0)
.shouldNotContain("Enter keystore password:");

ktFull("-keystore nopass -list -storetype pkcs12")
.shouldHaveExitValue(0)
.shouldNotContain("Enter keystore password:");
}

// Makes sure we can load entries in a keystore
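Review bot: The added cases cover only the password-less PKCS12 file, so the new `catch (IOException ioe)` path in keytool (a JKS file opened with `-storetype pkcs12`) has no case in this hunk; whether `check("jks", ...)` already covers it is not visible here. A case along the lines of `ktFull("-keystore <jks-file> -list -storetype pkcs12 -storepass <password>").shouldHaveExitValue(0);` (placeholder names) would pin that branch. The two `-list` checks assert only the exit value and the absent prompt; also asserting that the alias `no` appears in the output would confirm the entry was actually read. `main` begins outside the hunk.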