Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8225181: KeyStore should have a getAttributes method #6026

Closed
wants to merge 7 commits into from

Conversation

wangweij
Copy link
Contributor

@wangweij wangweij commented Oct 20, 2021

Add KeyStore::getAttributes so that one can get the attributes of an entry without retrieving the entry first. This is especially useful for a private key entry which can only be retrieved with a password.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed
  • Change requires a CSR request to be approved

Issues

  • JDK-8225181: KeyStore should have a getAttributes method
  • JDK-8275748: KeyStore should have a getAttributes method (CSR)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/6026/head:pull/6026
$ git checkout pull/6026

Update a local copy of the PR:
$ git checkout pull/6026
$ git pull https://git.openjdk.java.net/jdk pull/6026/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 6026

View PR using the GUI difftool:
$ git pr show -t 6026

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/6026.diff

8225181: KeyStore should have a getAttributes method
@bridgekeeper
Copy link

bridgekeeper bot commented Oct 20, 2021

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Oct 20, 2021
@openjdk
Copy link

openjdk bot commented Oct 20, 2021

@wangweij The following label will be automatically applied to this pull request:

  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the security security-dev@openjdk.org label Oct 20, 2021
@mlbridge
Copy link

mlbridge bot commented Oct 20, 2021

Webrevs

@wangweij
Copy link
Contributor Author

wangweij commented Oct 22, 2021

/csr

@openjdk openjdk bot added the csr Pull request needs approved CSR before integration label Oct 22, 2021
@openjdk
Copy link

openjdk bot commented Oct 22, 2021

@wangweij this pull request will not be integrated until the CSR request JDK-8275748 for issue JDK-8225181 has been approved.

* attributes associated with it, or the attributes are
* not extractable (For example, if the attributes is encrypted
* in a private key entry or a secret key entry).
*
Copy link
Member

@seanjmullan seanjmullan Oct 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this would read better if you broke it up into multiple sentences, ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the given alias does not exist, or the alias does exist but there are no attributes associated with it or the attributes are not extractable (for example, the attributes may not be extractable if they are encrypted in a private key or secret key entry)."

You may also want to add a sentence to try the KeyStore$Entry::getAttributes method if there are no attributes.

Did you consider throwing a KeyStoreException if they are not extractable? It would be useful to distinguish that case from an alias that has no attributes.

Copy link
Contributor Author

@wangweij wangweij Oct 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is complicated. Theoretically a KeyStore implementation can store some attributes in clear text and some encrypted, and it's probably not possible to know if there exist any encrypted ones before actually decrypting the entry. Maybe I should say "For a PrivateKeyEntry or SecretKeyEntry, some attributes might only be available after the entry is extracted by the getEntry() method. Try calling the entry's getAttributes() method to see if there are any".

Copy link
Member

@seanjmullan seanjmullan Oct 27, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, a sentence like that would help. Some suggested tweaks: "For a PrivateKeyEntry or SecretKeyEntry, some attributes may be protected and not available unless the entry is first extracted by the getEntry() method."

I don't think you need the last sentence.

Copy link
Contributor Author

@wangweij wangweij Oct 27, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if someone will interpret this as "after I've called getEntry on a private key, I can get the encrypted attributes through KeyStore::getAttributes". How about something like "and only available through the {@link KeyEntry.getAttributres} method after the entry is extracted"?

Copy link
Member

@seanjmullan seanjmullan Oct 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok.

Copy link
Contributor Author

@wangweij wangweij Oct 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New commit pushed. The words are sightly different between in KeyStore and KeyStoreSpi. CSR updated as well.

@@ -1029,12 +1029,14 @@ public final String getType()
* @param alias the alias name
* @return an unmodifiable {@code Set} of attributes, possibly empty
* if the given alias does not exist, or there is no
Copy link
Member

@seanjmullan seanjmullan Nov 2, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/is no/are no/

Copy link
Contributor Author

@wangweij wangweij Nov 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@@ -1029,12 +1029,14 @@ public final String getType()
* @param alias the alias name
* @return an unmodifiable {@code Set} of attributes, possibly empty
Copy link
Member

@seanjmullan seanjmullan Nov 2, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the alias does not exist, then is it definitely always empty? I think the word "possibly" here may be a bit misleading. Maybe reword this as:
"an unmodifiable {@code Set} of attributes." This set is empty if the given alias does not exist or there are no attributes associated with the alias. This set may also be empty for PrivateKeyEntry or SecretKeyEntry entries that contain protected attributes and are only available through the ... "

Copy link
Contributor Author

@wangweij wangweij Nov 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated as suggested. CSR updated as well.

* Retrieves the attributes associated with the given alias.
*
* @implSpec
* The default implementation returns an empty {@code Set}.
Copy link
Member

@seanjmullan seanjmullan Nov 4, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make more sense for the default impl to throw UnsupportedOperationException or maybe call getEntry(alias, null)? Otherwise, an application cannot know the difference between an alias that has no attributes and an alias that has attributes but is from a KeyStore impl that has not overridden the corresponding Spi method.

Copy link
Contributor Author

@wangweij wangweij Nov 4, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The one benefit I can think of to throw a UOE is that the caller can fallback to getEntry(...).getAttributes() when an exception is thrown. However, as far as I know, our PKCS12KeyStore is the only KeyStore implementation that has made use of attributes. Therefore it's still not late for another implementation to start supporting both at the same time. For most of the KeyStore implementations, both ks.getAttributes() and ks.getEntry(...).getAttributes() returning empty seems more consistent.

Copy link
Member

@seanjmullan seanjmullan Nov 4, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But we could just override those other implementations to always return an empty Set. I would prefer if an application could distinguish between these two cases w/o knowing whether the underlying implementation supports attributes or not.

@wangweij
Copy link
Contributor Author

wangweij commented Nov 4, 2021

New commit pushed. Typo, I meant "refine".

@openjdk openjdk bot removed the csr Pull request needs approved CSR before integration label Nov 30, 2021
@wangweij
Copy link
Contributor Author

wangweij commented Dec 1, 2021

New commits pushed. Except for the merge commits, the only change is method spec update to match the text in the approved CSR.

@mlbridge
Copy link

mlbridge bot commented Dec 2, 2021

Mailing list message from Michael StJohns on security-dev:

Hi -

Generically, PKCS12 doesn't require an alias (friendlyName) for a
particular Bag, but does permit it. Which means that
getAttributes(String alias) could fail on a legal PKCS12.? It may be
worthwhile to add a Set<Entry.Attribute> KeyStore::getAttributes(int
bagNumber) method.

Mike

On 11/30/2021 8:15 PM, Weijun Wang wrote:

@mlbridge
Copy link

mlbridge bot commented Dec 2, 2021

Mailing list message from Wei-Jun Wang on security-dev:

My understanding is that Java's PKCS12KeyStore will fabricate an alias string if there is no friendlyName, since every entry inside a KeyStore object must have an alias. I'll take some look tomorrow.

Thanks,
Max

On Nov 30, 2021, at 10:01 PM, Michael StJohns <mstjohns at comcast.net> wrote:

Hi -

Generically, PKCS12 doesn't require an alias (friendlyName) for a particular Bag, but does permit it. Which means that getAttributes(String alias) could fail on a legal PKCS12. It may be worthwhile to add a Set<Entry.Attribute> KeyStore::getAttributes(int bagNumber) method.

Mike

On 11/30/2021 8:15 PM, Weijun Wang wrote:

@mlbridge
Copy link

mlbridge bot commented Dec 2, 2021

Mailing list message from Michael StJohns on security-dev:

On 11/30/2021 10:07 PM, Wei-Jun Wang wrote:

My understanding is that Java's PKCS12KeyStore will fabricate an alias string if there is no friendlyName, since every entry inside a KeyStore object must have an alias. I'll take some look tomorrow.

Ah - I see it now in PKCS12KeyStore - it assigns an "unfriendlyName" as
an alias if "friendlyName" is missing - basically "0", "1", etc.

Thanks - Mike

Thanks,
Max

On Nov 30, 2021, at 10:01 PM, Michael StJohns <mstjohns at comcast.net> wrote:

Hi -

Generically, PKCS12 doesn't require an alias (friendlyName) for a particular Bag, but does permit it. Which means that getAttributes(String alias) could fail on a legal PKCS12. It may be worthwhile to add a Set<Entry.Attribute> KeyStore::getAttributes(int bagNumber) method.

Mike

On 11/30/2021 8:15 PM, Weijun Wang wrote:

@openjdk
Copy link

openjdk bot commented Dec 3, 2021

@wangweij This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8225181: KeyStore should have a getAttributes method

Reviewed-by: mullan

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 75 new commits pushed to the master branch:

  • 678ac58: 8278240: ProblemList containers/docker/TestJcmd.java on linux-aarch64
  • 01cb2b9: 8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
  • 660f21a: 8278119: ProblemList few headful test failing in macosx12-aarch64 system
  • 2e30fa9: 8278171: [vectorapi] Mask incorrectly computed for zero extending cast
  • fbf096e: 8251400: Fix incorrect addition of library to test in JDK-8237858
  • 0a09092: 8268288: jdk/jfr/api/consumer/streaming/TestOutOfProcessMigration.java fails with "Error: ShouldNotReachHere()"
  • 0d938ce: 8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
  • 0e7b6bc: 8278141: LIR_OpLoadKlass::_info shadows the field of the same name from LIR_Op
  • 53a4342: 8278137: JFR: PrettyWriter uses incorrect year specifier
  • f723779: 8278079: C2: expand_dtrace_alloc_probe doesn't take effect in macro.cpp
  • ... and 65 more: https://git.openjdk.java.net/jdk/compare/7049c13cf4bf4cdfcd0c8f0fa96bf4c3748ae1e7...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Dec 3, 2021
@wangweij
Copy link
Contributor Author

wangweij commented Dec 3, 2021

/integrate

@openjdk
Copy link

openjdk bot commented Dec 3, 2021

Going to push as commit a729a70.
Since your change was applied there have been 77 commits pushed to the master branch:

  • 38f525e: 8275821: Optimize random number generators developed in JDK-8248862 using Math.unsignedMultiplyHigh()
  • 780b8b1: 8278179: Enable all doclint warnings for build of java.naming
  • 678ac58: 8278240: ProblemList containers/docker/TestJcmd.java on linux-aarch64
  • 01cb2b9: 8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
  • 660f21a: 8278119: ProblemList few headful test failing in macosx12-aarch64 system
  • 2e30fa9: 8278171: [vectorapi] Mask incorrectly computed for zero extending cast
  • fbf096e: 8251400: Fix incorrect addition of library to test in JDK-8237858
  • 0a09092: 8268288: jdk/jfr/api/consumer/streaming/TestOutOfProcessMigration.java fails with "Error: ShouldNotReachHere()"
  • 0d938ce: 8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
  • 0e7b6bc: 8278141: LIR_OpLoadKlass::_info shadows the field of the same name from LIR_Op
  • ... and 67 more: https://git.openjdk.java.net/jdk/compare/7049c13cf4bf4cdfcd0c8f0fa96bf4c3748ae1e7...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot closed this Dec 3, 2021
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Dec 3, 2021
@openjdk
Copy link

openjdk bot commented Dec 3, 2021

@wangweij Pushed as commit a729a70.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@wangweij wangweij deleted the 8225181 branch Dec 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated security security-dev@openjdk.org
2 participants