OpenJDK / amber / amber
changeset 10438:9607eb55d49f
Merge
author | michaelm |
---|---|
date | Fri, 09 Sep 2011 14:14:01 +0100 |
parents | dfca69ed7f87 4288852bdda6 |
children | b36f86ad26e1 |
files | |
diffstat | 2 files changed, 75 insertions(+), 13 deletions(-) [+] |
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Fri Sep 09 14:04:44 2011 +0100
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Fri Sep 09 14:14:01 2011 +0100
@@ -1141,17 +1141,14 @@
 if (token) {
 keyStore.store(null, null);
 } else {
- FileOutputStream fout = null;
- try {
- fout = (nullStream ?
- (FileOutputStream)null :
- new FileOutputStream(ksfname));
- keyStore.store
- (fout,
- (storePassNew!=null) ? storePassNew : storePass);
- } finally {
- if (fout != null) {
- fout.close();
+ char[] pass = (storePassNew!=null) ? storePassNew : storePass;
+ if (nullStream) {
+ keyStore.store(null, pass);
+ } else {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ keyStore.store(bout, pass);
+ try (FileOutputStream fout = new FileOutputStream(ksfname)) {
+ fout.write(bout.toByteArray());
 }
 }
 }
@@ -1399,7 +1396,7 @@
 private char[] promptForKeyPass(String alias, String orig, char[] origPass) throws Exception{
 if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
 return origPass;
- } else if (!token) {
+ } else if (!token && !protectedPath) {
 // Prompt for key password
 int count;
 for (count = 0; count < 3; count++) {
@@ -1446,7 +1443,7 @@
 }
 }
 }
- return null; // PKCS11
+ return null; // PKCS11, MSCAPI, or -protected
 }
 /**
 * Creates a new secret key.
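Review bot: The write to `ksfname` in the first hunk is still not atomic: `new FileOutputStream(ksfname)` truncates the existing keystore before `fout.write(...)` runs, so an I/O error or crash during the write (a full disk, for example) can still leave a damaged file, even though a failure inside `keyStore.store` no longer does. Writing the bytes to a temporary file in the same directory and renaming it over `ksfname` would close that window; at minimum a comment such as `// old file is truncated here; a failed write still loses it` should record the limit. Independently, `bout.writeTo(fout);` avoids the extra array copy of the serialized keystore that `bout.toByteArray()` makes. The enclosing method starts and ends outside the hunk.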
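Review bot: With `!protectedPath` added to the condition in the second hunk, `promptForKeyPass` now falls through to `return null` for any non-PKCS12 keystore run with `-protected`, and nothing in the hunk shows that its callers tolerate a null key password. The callers are outside the hunk, so this is a point to confirm rather than a confirmed defect. The method's documentation should state the contract, for example `@return the key password, or null when no prompt is made (token keystore or -protected)`. The body of `promptForKeyPass` continues past this hunk.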
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/tools/keytool/trystore.sh Fri Sep 09 14:14:01 2011 +0100
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 7047200
+# @summary keytool can try save to a byte array before overwrite the file
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* )
+ FS="\\"
+ ;;
+ * )
+ FS="/"
+ ;;
+esac
+
+rm trystore.jks 2> /dev/null
+
+KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool -storetype jks -keystore trystore.jks"
+$KEYTOOL -genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit
+$KEYTOOL -genkeypair -alias b -dname CN=B -storepass changeit -keypass changeit
+
+# We use -protected for JKS keystore. This is illegal so the command should
+# fail. Then we can check if the keystore is damaged.
+
+$KEYTOOL -genkeypair -protected -alias b -delete -debug
+
+if [ $? = 0 ]; then
+ echo "What? -protected works for JKS?"
+ exit 1
+fi
+
+$KEYTOOL -list -storepass changeit
+
+if [ $? != 0 ]; then
+ echo "Keystore file damaged"
+ exit 2
+fi
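Review bot: The two setup `-genkeypair` calls are not checked, so if keystore creation fails, the `-protected` command fails for an unrelated reason and the final `-list` failure is reported as "Keystore file damaged". Each setup line should carry a guard, e.g. `$KEYTOOL -genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit || exit 3`. `KEYTOOL` is also expanded unquoted, so a `TESTJAVA` path containing spaces would split into several words. `rm -f trystore.jks` would state the cleanup intent more directly than discarding stderr.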