8218553: Enhance keystore load debug output

Reviewed-by: weijun, sgehwolf

src/macosx/classes/apple/security/KeychainStore.java

 /*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -102,6 +102,8 @@ public final class KeychainStore extends KeyStoreSpi {
     private static final int iterationCount = 1024;
     private static final int SALT_LEN = 20;
 
+    private static final Debug debug = Debug.getInstance("keystore");
+
     static {
         AccessController.doPrivileged(
             new PrivilegedAction<Void>() {
@@ -771,6 +773,10 @@ public final class KeychainStore extends KeyStoreSpi {
 
             entries.clear();
             _scanKeychain();
+            if (debug != null) {
+                debug.println("KeychainStore load entry count: " +
+                        entries.size());
+            }
         }
     }
 

src/share/classes/com/sun/crypto/provider/JceKeyStore.java

 /*
- * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import sun.security.util.Debug;
+
 import java.io.*;
 import java.util.*;
 import java.security.AccessController;
@@ -61,6 +63,7 @@ import sun.misc.ObjectInputFilter;
 
 public final class JceKeyStore extends KeyStoreSpi {
 
+    private static final Debug debug = Debug.getInstance("keystore");
     private static final int JCEKS_MAGIC = 0xcececece;
     private static final int JKS_MAGIC = 0xfeedfeed;
     private static final int VERSION_1 = 0x01;
@@ -682,6 +685,7 @@ public final class JceKeyStore extends KeyStoreSpi {
             Hashtable<String, CertificateFactory> cfs = null;
             ByteArrayInputStream bais = null;
             byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0;
 
             if (stream == null)
                 return;
@@ -728,7 +732,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                     tag = dis.readInt();
 
                     if (tag == 1) { // private-key entry
-
+                        privateKeyCount++;
                         PrivateKeyEntry entry = new PrivateKeyEntry();
 
                         // read the alias
@@ -788,7 +792,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                         entries.put(alias, entry);
 
                     } else if (tag == 2) { // trusted certificate entry
-
+                        trustedKeyCount++;
                         TrustedCertEntry entry = new TrustedCertEntry();
 
                         // read the alias
@@ -827,7 +831,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                         entries.put(alias, entry);
 
                     } else if (tag == 3) { // secret-key entry
-
+                        secretKeyCount++;
                         SecretKeyEntry entry = new SecretKeyEntry();
 
                         // read the alias
@@ -860,10 +864,18 @@ public final class JceKeyStore extends KeyStoreSpi {
                         entries.put(alias, entry);
 
                     } else {
-                        throw new IOException("Unrecognized keystore entry");
+                        throw new IOException("Unrecognized keystore entry: " +
+                                tag);
                     }
                 }
 
+                if (debug != null) {
+                    debug.println("JceKeyStore load: private key count: " +
+                        privateKeyCount + ". trusted key count: " +
+                        trustedKeyCount + ". secret key count: " +
+                        secretKeyCount);
+                }
+
                 /*
                  * If a password has been provided, we check the keyed digest
                  * at the end. If this check fails, the store has been tampered

src/share/classes/sun/security/pkcs11/P11KeyStore.java

 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -773,6 +773,8 @@ final class P11KeyStore extends KeyStoreSpi {
             }
             if (debug != null) {
                 dumpTokenMap();
+                debug.println("P11KeyStore load. Entry count: " +
+                        aliasMap.size());
             }
         } catch (KeyStoreException | PKCS11Exception e) {
             throw new IOException("load failed", e);

src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java

@@ -2152,18 +2152,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
         }
 
         if (debug != null) {
-            if (privateKeyCount > 0) {
-                debug.println("Loaded " + privateKeyCount +
-                    " protected private key(s)");
-            }
-            if (secretKeyCount > 0) {
-                debug.println("Loaded " + secretKeyCount +
-                    " protected secret key(s)");
-            }
-            if (certificateCount > 0) {
-                debug.println("Loaded " + certificateCount +
-                    " certificate(s)");
-            }
+            debug.println("PKCS12KeyStore load: private key count: " +
+                    privateKeyCount + ". secret key count: " + secretKeyCount +
+                    ". certificate count: " + certificateCount);
         }
 
         certEntries.clear();

src/share/classes/sun/security/provider/JavaKeyStore.java

 /*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@ import java.util.*;
 import sun.misc.IOUtils;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.pkcs12.PKCS12KeyStore;
+import sun.security.util.Debug;
 
 /**
  * This class provides the keystore implementation referred to as "JKS".
@@ -73,6 +74,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
         }
     }
 
+    private static final Debug debug = Debug.getInstance("keystore");
     private static final int MAGIC = 0xfeedfeed;
     private static final int VERSION_1 = 0x01;
     private static final int VERSION_2 = 0x02;
@@ -642,6 +644,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
             Hashtable<String, CertificateFactory> cfs = null;
             ByteArrayInputStream bais = null;
             byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0;
 
             if (stream == null)
                 return;
@@ -680,7 +683,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                 tag = dis.readInt();
 
                 if (tag == 1) { // private key entry
-
+                    privateKeyCount++;
                     KeyEntry entry = new KeyEntry();
 
                     // Read the alias
@@ -729,7 +732,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                     entries.put(alias, entry);
 
                 } else if (tag == 2) { // trusted certificate entry
-
+                    trustedKeyCount++;
                     TrustedCertEntry entry = new TrustedCertEntry();
 
                     // Read the alias
@@ -764,10 +767,16 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                     entries.put(alias, entry);
 
                 } else {
-                    throw new IOException("Unrecognized keystore entry");
+                    throw new IOException("Unrecognized keystore entry: " +
+                            tag);
                 }
             }
 
+            if (debug != null) {
+                debug.println("JavaKeyStore load: private key count: " +
+                    privateKeyCount + ". trusted key count: " + trustedKeyCount);
+            }
+
             /*
              * If a password has been provided, we check the keyed digest
              * at the end. If this check fails, the store has been tampered

src/windows/classes/sun/security/mscapi/KeyStore.java

 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@ import java.util.*;
 
 import sun.security.action.GetPropertyAction;
 
+import sun.security.util.Debug;
+
 /**
  * Implementation of key store for Windows using the Microsoft Crypto API.
  *
@@ -186,6 +188,7 @@ abstract class KeyStore extends KeyStoreSpi {
     private static final String KEYSTORE_COMPATIBILITY_MODE_PROP =
         "sun.security.mscapi.keyStoreCompatibilityMode";
     private final boolean keyStoreCompatibilityMode;
+    private static final Debug debug = Debug.getInstance("keystore");
 
     /*
      * The keystore entries.
@@ -728,6 +731,11 @@ abstract class KeyStore extends KeyStoreSpi {
         } catch (KeyStoreException e) {
             throw new IOException(e);
         }
+
+        if (debug != null) {
+            debug.println("MSCAPI keystore load: entry count: " +
+                    entries.size());
+        }
     }
 
     /**