8192987: keytool should remember real storetype if it is not provided

Reviewed-by: mullan

8192987: keytool should remember real storetype if it is not provided
Reviewed-by: mullan
22489704 · igerasim · 8ddb644d · 22489704 · 22489704 · 22489704
3 changed file
--- a/src/share/classes/sun/security/tools/KeyStoreUtil.java
+++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -63,8 +63,9 @@ public class KeyStoreUtil {
     * MSCAPI KeyStores
     */
    public static boolean isWindowsKeyStore(String storetype) {
-        return storetype.equalsIgnoreCase("Windows-MY")
+        return storetype != null
-                || storetype.equalsIgnoreCase("Windows-ROOT");
+                && (storetype.equalsIgnoreCase("Windows-MY")
+                    || storetype.equalsIgnoreCase("Windows-ROOT"));
    }
    /**

--- a/src/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/share/classes/sun/security/tools/keytool/Main.java
@@ -462,12 +462,12 @@ public final class Main {
                passwords.add(storePass);
            } else if (collator.compare(flags, "-storetype") == 0 ||
                    collator.compare(flags, "-deststoretype") == 0) {
-                storetype = args[++i];
+                storetype = KeyStoreUtil.niceStoreTypeName(args[++i]);
            } else if (collator.compare(flags, "-srcstorepass") == 0) {
                srcstorePass = getPass(modifier, args[++i]);
                passwords.add(srcstorePass);
            } else if (collator.compare(flags, "-srcstoretype") == 0) {
-                srcstoretype = args[++i];
+                srcstoretype = KeyStoreUtil.niceStoreTypeName(args[++i]);
            } else if (collator.compare(flags, "-srckeypass") == 0) {
                srckeyPass = getPass(modifier, args[++i]);
                passwords.add(srckeyPass);
@@ -592,16 +592,6 @@ public final class Main {
     * Execute the commands.
     */
    void doCommands(PrintStream out) throws Exception {
-        if (storetype == null) {
-            storetype = KeyStore.getDefaultType();
-        }
-        storetype = KeyStoreUtil.niceStoreTypeName(storetype);
-        if (srcstoretype == null) {
-            srcstoretype = KeyStore.getDefaultType();
-        }
-        srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype);
        if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
                KeyStoreUtil.isWindowsKeyStore(storetype)) {
            token = true;
@@ -626,11 +616,6 @@ public final class Main {
                        (".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), storetype));
        }
-        if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) {
-            throw new UnsupportedOperationException(rb.getString
-                        (".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
-        }
        if (token && (keyPass != null || newPass != null || destKeyPass != null)) {
            throw new IllegalArgumentException(MessageFormat.format(rb.getString
                (".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), storetype));
@@ -802,6 +787,9 @@ public final class Main {
        }
        // Create new keystore
+        if (storetype == null) {
+            storetype = KeyStore.getDefaultType();
+        }
        if (providerName == null) {
            keyStore = KeyStore.getInstance(storetype);
        } else {
@@ -839,6 +827,11 @@ public final class Main {
            }
        }
+        if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) {
+            throw new UnsupportedOperationException(rb.getString
+                    (".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
+        }
        // All commands that create or modify the keystore require a keystore
        // password.
@@ -2014,6 +2007,9 @@ public final class Main {
        KeyStore store;
        try {
+            if (srcstoretype == null) {
+                srcstoretype = KeyStore.getDefaultType();
+            }
            if (srcProviderName == null) {
                store = KeyStore.getInstance(srcstoretype);
            } else {

--- a/test/sun/security/tools/keytool/RealType.java
+++ b/test/sun/security/tools/keytool/RealType.java
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+/*
+ * @test
+ * @bug 8192987
+ * @summary keytool should remember real storetype if it is not provided
+ * @library /lib/testlibrary
+ * @run main/othervm RealType
+ */
+import jdk.testlibrary.SecurityTools;
+import jdk.testlibrary.OutputAnalyzer;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+public class RealType {
+    public static void main(String[] args) throws Throwable {
+        kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype jks")
+                .shouldHaveExitValue(0);
+        // -keypasswd command should be allowed on JKS
+        kt("-keypasswd -alias a -new t0ps3cr3t")
+                .shouldHaveExitValue(0);
+        Files.delete(Paths.get("ks"));
+        kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype pkcs12")
+                .shouldHaveExitValue(0);
+        // A pkcs12 keystore cannot be loaded as a JCEKS keystore
+        kt("-list -storetype jceks").shouldHaveExitValue(1);
+    }
+    static OutputAnalyzer kt(String arg) throws Exception {
+        return SecurityTools.keytool("-debug -keystore ks -storepass changeit " + arg);
+    }
+}