Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
77908881
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
77908881
编写于
5月 18, 2016
作者:
B
bgopularam
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8134232: KeyStore.load() throws an IOException with a wrong cause in case of wrong password
Reviewed-by: vinnie
上级
f3e3f33e
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
346 addition
and
6 deletion
+346
-6
src/share/classes/com/sun/crypto/provider/JceKeyStore.java
src/share/classes/com/sun/crypto/provider/JceKeyStore.java
+4
-2
src/share/classes/sun/security/pkcs11/P11KeyStore.java
src/share/classes/sun/security/pkcs11/P11KeyStore.java
+17
-2
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+1
-1
test/java/security/KeyStore/TestKeyStoreBasic.java
test/java/security/KeyStore/TestKeyStoreBasic.java
+282
-0
test/sun/security/provider/KeyStore/DKSTest.java
test/sun/security/provider/KeyStore/DKSTest.java
+42
-1
未找到文件。
src/share/classes/com/sun/crypto/provider/JceKeyStore.java
浏览文件 @
77908881
/*
* Copyright (c) 1998, 201
4
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -864,7 +864,9 @@ public final class JceKeyStore extends KeyStoreSpi {
if
(
computed
[
i
]
!=
actual
[
i
])
{
throw
new
IOException
(
"Keystore was tampered with, or "
+
"password was incorrect"
);
+
"password was incorrect"
,
new
UnrecoverableKeyException
(
"Password verification failed"
));
}
}
}
...
...
src/share/classes/sun/security/pkcs11/P11KeyStore.java
浏览文件 @
77908881
/*
* Copyright (c) 2003, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -752,6 +752,21 @@ final class P11KeyStore extends KeyStoreSpi {
}
else
{
login
(
new
PasswordCallbackHandler
(
password
));
}
}
catch
(
LoginException
e
)
{
Throwable
cause
=
e
.
getCause
();
if
(
cause
instanceof
PKCS11Exception
)
{
PKCS11Exception
pe
=
(
PKCS11Exception
)
cause
;
if
(
pe
.
getErrorCode
()
==
CKR_PIN_INCORRECT
)
{
// if password is wrong, the cause of the IOException
// should be an UnrecoverableKeyException
throw
new
IOException
(
"load failed"
,
new
UnrecoverableKeyException
().
initCause
(
e
));
}
}
throw
new
IOException
(
"load failed"
,
e
);
}
try
{
if
(
mapLabels
()
==
true
)
{
// CKA_LABELs are shared by multiple certs
writeDisabled
=
true
;
...
...
@@ -759,7 +774,7 @@ final class P11KeyStore extends KeyStoreSpi {
if
(
debug
!=
null
)
{
dumpTokenMap
();
}
}
catch
(
LoginException
|
KeyStoreException
|
PKCS11Exception
e
)
{
}
catch
(
KeyStoreException
|
PKCS11Exception
e
)
{
throw
new
IOException
(
"load failed"
,
e
);
}
}
...
...
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
浏览文件 @
77908881
...
...
@@ -2051,7 +2051,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
if
(!
MessageDigest
.
isEqual
(
macData
.
getDigest
(),
macResult
))
{
throw
new
Securit
yException
(
"Failed PKCS12"
+
throw
new
UnrecoverableKe
yException
(
"Failed PKCS12"
+
" integrity checking"
);
}
}
catch
(
Exception
e
)
{
...
...
test/java/security/KeyStore/TestKeyStoreBasic.java
0 → 100644
浏览文件 @
77908881
/*
* Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.io.BufferedInputStream
;
import
java.io.ByteArrayInputStream
;
import
java.io.ByteArrayOutputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.security.KeyFactory
;
import
java.security.KeyStore
;
import
java.security.KeyStoreException
;
import
java.security.NoSuchProviderException
;
import
java.security.PrivateKey
;
import
java.security.UnrecoverableKeyException
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.spec.KeySpec
;
import
java.security.spec.PKCS8EncodedKeySpec
;
import
java.util.Base64
;
/*
* @test
* @bug 8048621 8133090
* @summary Test basic operations with keystores (jks, jceks, pkcs12)
* @author Yu-Ching Valerie PENG
*/
public
class
TestKeyStoreBasic
{
private
static
final
String
PRIVATE_KEY_PKCS8_BASE64
=
""
+
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpyz97liuWPDYcLH9TX8BiT78o"
+
"lCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgKmLhuczF3M9VIcWr+"
+
"JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz7leikne7KmclHvTfvFd0WDI7Gb9v"
+
"o4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXRv5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfF"
+
"e1DDsMg/KpKGiILYZ+g2qtVMZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e"
+
"+sO6H24w2F19AgMBAAECggEBAId/12187dO6wUPCjumuJA1QrrBnbKdKONyai36uoc1Od4s5QFj7"
+
"+hEIeS7rbGNYQuBvnkgusAbzkW0FIpxpHce3EJez/emux6pEOKoP77BwMt9gy+txyu0+BHi91FQg"
+
"AGvrnQDO5EYVY4Cz/WjOsJzKu8zVLg+DS0Toa2qRFwmUe9mVAXPNOCZ3Oae/Q6tCDsaINNw0fmjj"
+
"jn6uohPbS+n6xENG3FkQXB36getXy310xTGED2J27cmAQH6gLR6Kl2iROzNPbbpBqbuemI9kbcld"
+
"EwBS1jRfZWeaPstYA1niVrE9UgUBzemnoh4TDkG076sYthHMr5QFGjPswnwtJ4ECgYEA0sURQ5+v"
+
"baH4tdaemI3qpnknXTlzSpuZZmAoyvY0Id0mlduwKwmZ3Y5989wHfnnhFfyNO4IkTKjI2Wp97qP5"
+
"4eqUNpA7FtNU7KUzMcFDTtwtNZuRYMrKlqo2lLbA+gVrAYpYZFL4b7tcwtX4DnYorDsmude6W8sG"
+
"4Mx2VdFJC9UCgYEAzjsdXCYH5doWUHb0dvn9ID7IikffEMRM720MRjrnnnVbpzx6ACntkPDNZg7p"
+
"TRE/mx7iBz81ZaUWE+V0wd0JvCHEdpAz3mksyvDFhU4Bgs6xzf2pSul5muhsx3hHcvvPezz5Bnxs"
+
"faJlzkxfwotyGmvWN15GA/pyfsZjsbbTpwkCgYAO6NnbysQCIV8SnegCKqfatt9N/O5m7LLhRxQb"
+
"p2bwrlA4cZ34rWkw/w9x3LK7A6wkfgUPnJkswxPSLXJTG05l6M4rPfCwIKr1Qopojp9QSMr569NQ"
+
"4YeLOOc7heIIzbFQHpU6I5Rncv2Q2sn9W+ZsqJKIuvX34FjQNiZ406EzMQKBgHSxOGS61D84DuZK"
+
"2Ps1awhC3kB4eHzJRms3vflDPWoJJ+pSKwpKrzUTPHXiPBqyhtYkPGszVeiE6CAr9sv3YZnFVaBs"
+
"6hyQUJsob+uE/w/gGvXe8VsFDx0bJOodYfhrCbTHBHWqE81nBcocpxayxsayfAzqWB3KKd0YLrMR"
+
"K2PZAoGAcZa8915R2m0KZ6HVJUt/JDR85jCbN71kcVDFY2XSFkOJvOdFoHNfRckfLzjq9Y2MSSTV"
+
"+QDWbDo2doUQCejJUTaN8nP79tfyir24X5uVPvQaeVoGTKYb+LfUqK0F60lStmjuddIGSZH55y3v"
+
"+9XjmxbVERtd1lqgQg3VlmKlEXY="
;
/*
* Certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 7 (0x7)
* Signature Algorithm: sha512WithRSAEncryption
* Issuer: CN=Root
* Validity
* Not Before: Sep 1 18:03:59 2015 GMT
* Not After : Jan 17 18:03:59 2043 GMT
* Subject: CN=EE
*/
private
static
final
String
CERTIFICATE
=
""
+
"-----BEGIN CERTIFICATE-----\n"
+
"MIIDHTCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQ0FADAPMQ0wCwYDVQQDDARSb290\n"
+
"MB4XDTE1MDkwMTE4MDM1OVoXDTQzMDExNzE4MDM1OVowDTELMAkGA1UEAwwCRUUw\n"
+
"ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpyz97liuWPDYcLH9TX8Bi\n"
+
"T78olCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgK\n"
+
"mLhuczF3M9VIcWr+JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz\n"
+
"7leikne7KmclHvTfvFd0WDI7Gb9vo4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXR\n"
+
"v5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfFe1DDsMg/KpKGiILYZ+g2qtVM\n"
+
"ZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e+sO6H24w2F19\n"
+
"AgMBAAGjgYUwgYIwNAYDVR0fBC0wKzApoCegJYYjbGRhcDovL2xkYXAuaG9zdC5m\n"
+
"b3IuY3JsZHAvbWFpbi5jcmwwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzAChi5s\n"
+
"ZGFwOi8vbGRhcC5ob3N0LmZvci5haWEvZGM9Um9vdD9jQUNlcnRpZmljYXRlMA0G\n"
+
"CSqGSIb3DQEBDQUAA4IBAQBWDfZHpuUx0yn5d3+BuztFqoks1MkGdk+USlH0TB1/\n"
+
"gWWBd+4S4PCKlpSur0gj2rMW4fP5HQfNlHci8JV8/bG4KuKRAXW56dg1818Hl3pc\n"
+
"iIrUSRn8uUjH3p9qb+Rb/u3mmVQRyJjN2t/zceNsO8/+Dd808OB9aEwGs8lMT0nn\n"
+
"ZYaaAqYz1GIY/Ecyx1vfEZEQ1ljo6i/r70C3igbypBUShxSiGsleiVTLOGNA+MN1\n"
+
"/a/Qh0bkaQyTGqK3bwvzzMeQVqWu2EWTBD/PmND5ExkpRICdv8LBVXfLnpoBr4lL\n"
+
"hnxn9+e0Ah+t8dS5EKfn44w5bI5PCu2bqxs6RCTxNjcY\n"
+
"-----END CERTIFICATE-----\n"
;
private
static
final
char
[]
PASSWD2
=
new
char
[]
{
'b'
,
'o'
,
'r'
,
'e'
,
'd'
};
private
static
final
char
[]
PASSWDK
=
"cannot be null"
.
toCharArray
();
private
static
final
String
[]
KS_Type
=
{
"jks"
,
"jceks"
,
"pkcs12"
,
"PKCS11KeyStore"
};
private
static
final
String
[]
PROVIDERS
=
{
"SUN"
,
"SunJCE"
,
"SunJSSE"
,
"SunPKCS11-Solaris"
};
private
static
final
String
ALIAS_HEAD
=
"test"
;
public
static
void
main
(
String
args
[])
throws
Exception
{
TestKeyStoreBasic
jstest
=
new
TestKeyStoreBasic
();
jstest
.
run
();
}
public
void
run
()
throws
Exception
{
for
(
String
provider
:
PROVIDERS
)
{
try
{
runTest
(
provider
);
System
.
out
.
println
(
"Test with provider "
+
provider
+
"passed"
);
}
catch
(
java
.
security
.
KeyStoreException
e
)
{
if
(
provider
.
equals
(
"SunPKCS11-Solaris"
))
{
System
.
out
.
println
(
"KeyStoreException is expected: "
+
"PKCS11KeyStore is invalid keystore type: "
+
e
);
}
else
{
throw
e
;
}
}
catch
(
NoSuchProviderException
e
)
{
String
osName
=
System
.
getProperty
(
"os.name"
);
if
(
provider
.
equals
(
"SunPKCS11-Solaris"
)
&&
!
osName
.
equals
(
"SunOS"
))
{
System
.
out
.
println
(
"Skip SunPKCS11-Solaris provider on "
+
osName
);
}
else
{
throw
e
;
}
}
}
}
public
void
runTest
(
String
provider
)
throws
Exception
{
// load private key
// all keystore types should support private keys
KeySpec
spec
=
new
PKCS8EncodedKeySpec
(
Base64
.
getMimeDecoder
().
decode
(
PRIVATE_KEY_PKCS8_BASE64
));
PrivateKey
privateKey
=
KeyFactory
.
getInstance
(
"RSA"
)
.
generatePrivate
(
spec
);
// load x509 certificate
Certificate
cert
;
try
(
InputStream
is
=
new
BufferedInputStream
(
new
ByteArrayInputStream
(
CERTIFICATE
.
getBytes
())))
{
cert
=
CertificateFactory
.
getInstance
(
"X.509"
)
.
generateCertificate
(
is
);
}
int
numEntries
=
5
;
String
type
=
null
;
for
(
int
i
=
0
;
i
<
PROVIDERS
.
length
;
i
++)
{
if
(
provider
.
compareTo
(
PROVIDERS
[
i
])
==
0
)
{
type
=
KS_Type
[
i
];
break
;
}
}
System
.
out
.
printf
(
"Test %s provider and %s keystore%n"
,
provider
,
type
);
KeyStore
ks
=
KeyStore
.
getInstance
(
type
,
provider
);
KeyStore
ks2
=
KeyStore
.
getInstance
(
type
,
ks
.
getProvider
().
getName
());
// create an empty key store
ks
.
load
(
null
,
null
);
// store the secret keys
for
(
int
j
=
0
;
j
<
numEntries
;
j
++)
{
ks
.
setKeyEntry
(
ALIAS_HEAD
+
j
,
privateKey
,
PASSWDK
,
new
Certificate
[]
{
cert
});
}
// initialize the 2nd key store object with the 1st one
ByteArrayOutputStream
baos
=
new
ByteArrayOutputStream
();
ks
.
store
(
baos
,
PASSWDK
);
byte
[]
bArr
=
baos
.
toByteArray
();
ByteArrayInputStream
bais
=
new
ByteArrayInputStream
(
bArr
);
ks2
.
load
(
bais
,
null
);
// check 2nd key store type
checkType
(
ks2
,
type
);
// check the existing aliases for the 2nd key store
checkAlias
(
ks2
,
numEntries
);
// compare the creation date of the 2 key stores for all aliases
compareCreationDate
(
ks
,
ks2
,
numEntries
);
// remove the last entry from the 2nd key store
numEntries
--;
ks2
.
deleteEntry
(
ALIAS_HEAD
+
numEntries
);
// re-initialize the 1st key store with the 2nd key store
baos
.
reset
();
ks2
.
store
(
baos
,
PASSWD2
);
bais
=
new
ByteArrayInputStream
(
baos
.
toByteArray
());
try
{
// expect an exception since the password is incorrect
ks
.
load
(
bais
,
PASSWDK
);
throw
new
RuntimeException
(
"ERROR: passed the loading with incorrect password"
);
}
catch
(
IOException
ex
)
{
System
.
out
.
println
(
"Expected exception: "
+
ex
);
if
(!
causedBy
(
ex
,
UnrecoverableKeyException
.
class
))
{
ex
.
printStackTrace
(
System
.
out
);
throw
new
RuntimeException
(
"Unexpected cause"
);
}
System
.
out
.
println
(
"Expected cause: "
+
UnrecoverableKeyException
.
class
.
getName
());
bais
.
reset
();
ks
.
load
(
bais
,
PASSWD2
);
bais
.
reset
();
ks
.
load
(
bais
,
null
);
}
// check key store type
checkType
(
ks
,
type
);
// check the existing aliases
checkAlias
(
ks
,
numEntries
);
// compare the creation date of the 2 key stores for all aliases
compareCreationDate
(
ks
,
ks2
,
numEntries
);
}
// check key store type
private
void
checkType
(
KeyStore
obj
,
String
type
)
{
if
(!
obj
.
getType
().
equals
(
type
))
{
throw
new
RuntimeException
(
"ERROR: wrong key store type"
);
}
}
// check the existing aliases
private
void
checkAlias
(
KeyStore
obj
,
int
range
)
throws
KeyStoreException
{
for
(
int
k
=
0
;
k
<
range
;
k
++)
{
if
(!
obj
.
containsAlias
(
ALIAS_HEAD
+
k
))
{
throw
new
RuntimeException
(
"ERROR: alias ("
+
k
+
") should exist"
);
}
}
}
// compare the creation dates - true if all the same
private
void
compareCreationDate
(
KeyStore
o1
,
KeyStore
o2
,
int
range
)
throws
KeyStoreException
{
String
alias
;
for
(
int
k
=
0
;
k
<
range
;
k
++)
{
alias
=
ALIAS_HEAD
+
k
;
if
(!
o1
.
getCreationDate
(
alias
).
equals
(
o2
.
getCreationDate
(
alias
)))
{
throw
new
RuntimeException
(
"ERROR: entry creation time ("
+
k
+
") differs"
);
}
}
}
// checks if an exception was caused by specified exception class
private
static
boolean
causedBy
(
Exception
e
,
Class
klass
)
{
Throwable
cause
=
e
;
while
((
cause
=
cause
.
getCause
())
!=
null
)
{
if
(
cause
.
getClass
().
equals
(
klass
))
{
return
true
;
}
}
return
false
;
}
}
test/sun/security/provider/KeyStore/DKSTest.java
浏览文件 @
77908881
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013,
2016,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -60,7 +60,37 @@ public class DKSTest {
new
KeyStore
.
PasswordProtection
(
"passphrase"
.
toCharArray
()));
}};
private
static
final
Map
<
String
,
KeyStore
.
ProtectionParameter
>
WRONG_PASSWORDS
=
new
HashMap
<
String
,
KeyStore
.
ProtectionParameter
>()
{{
put
(
"policy_keystore"
,
new
KeyStore
.
PasswordProtection
(
"wrong"
.
toCharArray
()));
put
(
"pw_keystore"
,
new
KeyStore
.
PasswordProtection
(
"wrong"
.
toCharArray
()));
put
(
"eckeystore1"
,
new
KeyStore
.
PasswordProtection
(
"wrong"
.
toCharArray
()));
put
(
"eckeystore2"
,
new
KeyStore
.
PasswordProtection
(
"wrong"
.
toCharArray
()));
}};
public
static
void
main
(
String
[]
args
)
throws
Exception
{
/*
* domain keystore: keystores with wrong passwords
*/
try
{
URI
config
=
new
URI
(
CONFIG
+
"#keystores"
);
KeyStore
ks
=
KeyStore
.
getInstance
(
"DKS"
);
ks
.
load
(
new
DomainLoadStoreParameter
(
config
,
WRONG_PASSWORDS
));
throw
new
RuntimeException
(
"Expected exception not thrown"
);
}
catch
(
IOException
e
)
{
System
.
out
.
println
(
"Expected exception: "
+
e
);
if
(!
causedBy
(
e
,
UnrecoverableKeyException
.
class
))
{
e
.
printStackTrace
(
System
.
out
);
throw
new
RuntimeException
(
"Unexpected cause"
);
}
System
.
out
.
println
(
"Expected cause: "
+
e
);
}
/*
* domain keystore: system
*/
...
...
@@ -182,4 +212,15 @@ public class DKSTest {
return
factory
.
generateCertificate
(
certStream
);
}
}
// checks if an exception was caused by specified exception class
private
static
boolean
causedBy
(
Exception
e
,
Class
klass
)
{
Throwable
cause
=
e
;
while
((
cause
=
cause
.
getCause
())
!=
null
)
{
if
(
cause
.
getClass
().
equals
(
klass
))
{
return
true
;
}
}
return
false
;
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录