8218553: Enhance keystore load debug output

Reviewed-by: weijun, sgehwolf

8218553: Enhance keystore load debug output
Reviewed-by: weijun, sgehwolf
d088b4be · coffeys · 17a5a1d6 · d088b4be · d088b4be · d088b4be
6 changed file
--- a/src/macosx/classes/apple/security/KeychainStore.java
+++ b/src/macosx/classes/apple/security/KeychainStore.java
 /*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -102,6 +102,8 @@ public final class KeychainStore extends KeyStoreSpi {
    private static final int iterationCount = 1024;
    private static final int SALT_LEN = 20;
+    private static final Debug debug = Debug.getInstance("keystore");
    static {
        AccessController.doPrivileged(
            new PrivilegedAction<Void>() {
@@ -771,6 +773,10 @@ public final class KeychainStore extends KeyStoreSpi {
            entries.clear();
            _scanKeychain();
+            if (debug != null) {
+                debug.println("KeychainStore load entry count: " +
+                        entries.size());
+            }
        }
    }

--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java
+++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java
 /*
- * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 package com.sun.crypto.provider;
+import sun.security.util.Debug;
 import java.io.*;
 import java.util.*;
 import java.security.AccessController;
@@ -61,6 +63,7 @@ import sun.misc.ObjectInputFilter;
 public final class JceKeyStore extends KeyStoreSpi {
+    private static final Debug debug = Debug.getInstance("keystore");
    private static final int JCEKS_MAGIC = 0xcececece;
    private static final int JKS_MAGIC = 0xfeedfeed;
    private static final int VERSION_1 = 0x01;
@@ -682,6 +685,7 @@ public final class JceKeyStore extends KeyStoreSpi {
            Hashtable<String, CertificateFactory> cfs = null;
            ByteArrayInputStream bais = null;
            byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0;
            if (stream == null)
                return;
@@ -728,7 +732,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                    tag = dis.readInt();
                    if (tag == 1) { // private-key entry
+                        privateKeyCount++;
                        PrivateKeyEntry entry = new PrivateKeyEntry();
                        // read the alias
@@ -788,7 +792,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                        entries.put(alias, entry);
                    } else if (tag == 2) { // trusted certificate entry
+                        trustedKeyCount++;
                        TrustedCertEntry entry = new TrustedCertEntry();
                        // read the alias
@@ -827,7 +831,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                        entries.put(alias, entry);
                    } else if (tag == 3) { // secret-key entry
+                        secretKeyCount++;
                        SecretKeyEntry entry = new SecretKeyEntry();
                        // read the alias
@@ -860,10 +864,18 @@ public final class JceKeyStore extends KeyStoreSpi {
                        entries.put(alias, entry);
                    } else {
-                        throw new IOException("Unrecognized keystore entry");
+                        throw new IOException("Unrecognized keystore entry: " +
+                                tag);
                    }
                }
+                if (debug != null) {
+                    debug.println("JceKeyStore load: private key count: " +
+                        privateKeyCount + ". trusted key count: " +
+                        trustedKeyCount + ". secret key count: " +
+                        secretKeyCount);
+                }
                /*
                 * If a password has been provided, we check the keyed digest
                 * at the end. If this check fails, the store has been tampered

--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java
+++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -773,6 +773,8 @@ final class P11KeyStore extends KeyStoreSpi {
            }
            if (debug != null) {
                dumpTokenMap();
+                debug.println("P11KeyStore load. Entry count: " +
+                        aliasMap.size());
            }
        } catch (KeyStoreException | PKCS11Exception e) {
            throw new IOException("load failed", e);

--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -2152,18 +2152,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
        }
        if (debug != null) {
-            if (privateKeyCount > 0) {
+            debug.println("PKCS12KeyStore load: private key count: " +
-                debug.println("Loaded " + privateKeyCount +
+                    privateKeyCount + ". secret key count: " + secretKeyCount +
-                    " protected private key(s)");
+                    ". certificate count: " + certificateCount);
-            }
-            if (secretKeyCount > 0) {
-                debug.println("Loaded " + secretKeyCount +
-                    " protected secret key(s)");
-            }
-            if (certificateCount > 0) {
-                debug.println("Loaded " + certificateCount +
-                    " certificate(s)");
-            }
        }
        certEntries.clear();

--- a/src/share/classes/sun/security/provider/JavaKeyStore.java
+++ b/src/share/classes/sun/security/provider/JavaKeyStore.java
 /*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@ import java.util.*;
 import sun.misc.IOUtils;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.pkcs12.PKCS12KeyStore;
+import sun.security.util.Debug;
 /**
 * This class provides the keystore implementation referred to as "JKS".
@@ -73,6 +74,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
        }
    }
+    private static final Debug debug = Debug.getInstance("keystore");
    private static final int MAGIC = 0xfeedfeed;
    private static final int VERSION_1 = 0x01;
    private static final int VERSION_2 = 0x02;
@@ -642,6 +644,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
            Hashtable<String, CertificateFactory> cfs = null;
            ByteArrayInputStream bais = null;
            byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0;
            if (stream == null)
                return;
@@ -680,7 +683,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                tag = dis.readInt();
                if (tag == 1) { // private key entry
+                    privateKeyCount++;
                    KeyEntry entry = new KeyEntry();
                    // Read the alias
@@ -729,7 +732,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                    entries.put(alias, entry);
                } else if (tag == 2) { // trusted certificate entry
+                    trustedKeyCount++;
                    TrustedCertEntry entry = new TrustedCertEntry();
                    // Read the alias
@@ -764,10 +767,16 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                    entries.put(alias, entry);
                } else {
-                    throw new IOException("Unrecognized keystore entry");
+                    throw new IOException("Unrecognized keystore entry: " +
+                            tag);
                }
            }
+            if (debug != null) {
+                debug.println("JavaKeyStore load: private key count: " +
+                    privateKeyCount + ". trusted key count: " + trustedKeyCount);
+            }
            /*
             * If a password has been provided, we check the keyed digest
             * at the end. If this check fails, the store has been tampered

--- a/src/windows/classes/sun/security/mscapi/KeyStore.java
+++ b/src/windows/classes/sun/security/mscapi/KeyStore.java
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@ import java.util.*;
 import sun.security.action.GetPropertyAction;
+import sun.security.util.Debug;
 /**
 * Implementation of key store for Windows using the Microsoft Crypto API.
 *
@@ -186,6 +188,7 @@ abstract class KeyStore extends KeyStoreSpi {
    private static final String KEYSTORE_COMPATIBILITY_MODE_PROP =
        "sun.security.mscapi.keyStoreCompatibilityMode";
    private final boolean keyStoreCompatibilityMode;
+    private static final Debug debug = Debug.getInstance("keystore");
    /*
     * The keystore entries.
@@ -728,6 +731,11 @@ abstract class KeyStore extends KeyStoreSpi {
        } catch (KeyStoreException e) {
            throw new IOException(e);
        }
+        if (debug != null) {
+            debug.println("MSCAPI keystore load: entry count: " +
+                    entries.size());
+        }
    }
    /**