8231107: Allow store password to be null when saving a PKCS12 KeyStore #5950
Conversation
…enc certs not easy 8231107: Storing PKCS12 keystore without integrity protection and no enc certs not easy
|
👋 Welcome back weijun! A progress list of the required criteria for merging this PR into |
|
/csr |
openjdk
bot
added
rfr
|
@wangweij this pull request will not be integrated until the CSR request JDK-8274862 for issue JDK-8231107 has been approved. |
wangweij
changed the title
Webrevs
|
| ks.store(fos, new char[1]); | ||
| } | ||
|
|
||
| // 8202299: interop before new char[0] and new char[1] |
There was a problem hiding this comment.
Can you make this comment more descriptive? Not sure what "before" means. Is this just making sure you can store a keystore and key entry with "\0" as the password and load it back with ""? Should you also try to load it back with "\0" too?
There was a problem hiding this comment.
Typo: s/before/between/.
I'll add one with "\0". That should always work since it's the same password used in load() and store().
| @@ -23,7 +23,7 @@ | |||
|
|
|||
| /* | |||
| * @test | |||
| * @bug 8202299 | |||
| * @bug 8202299 8231107 | |||
| * @modules java.base/sun.security.tools.keytool | |||
There was a problem hiding this comment.
I'll update the existing summary to @summary Testing empty (null, "", "\0") password behaviors.
| @@ -23,7 +23,7 @@ | |||
|
|
|||
| /* | |||
| * @test | |||
| * @bug 8202299 | |||
| * @bug 8202299 8231107 | |||
| * @modules java.base/sun.security.tools.keytool | |||
| ks.store(fos, new char[1]); | ||
| } | ||
|
|
||
| // 8202299: interop before new char[0] and new char[1] |
|
@wangweij This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 630 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
/integrate |
|
Going to push as commit 7049c13.
Your commit was automatically rebased without conflicts. |
openjdk
bot
added
integrated
You can create a password-less PKCS12 KeyStore file now by calling
ks.store(outStream, null)no matter what the default cert protection algorithm and Mac algorithm are defined injava.security.Note: the system properties set in
ToolsJDK.gmkto generatecacertsmust be retained (at the moment) because the tool is launched with BOOT_JDK.Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/5950/head:pull/5950$ git checkout pull/5950Update a local copy of the PR:
$ git checkout pull/5950$ git pull https://git.openjdk.java.net/jdk pull/5950/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 5950View PR using the GUI difftool:
$ git pr show -t 5950Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/5950.diff