8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified

Reviewed-by: coffeys, hchao
2025-08-26 14:24:46 +02:00 · 2021-04-30 14:04:13 +00:00 · 2021-04-30 14:04:13 +00:00 · 48bb996ac9
commit 48bb996ac9
parent 87de5b750d
2 changed files with 39 additions and 14 deletions
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@ -933,16 +933,27 @@ public final class Main {
            }
        }

-        // Create new keystore
-        // Probe for keystore type when filename is available
        if (ksfile != null && ksStream != null && providerName == null &&
-                storetype == null && !inplaceImport) {
-            keyStore = KeyStore.getInstance(ksfile, storePass);
-            storetype = keyStore.getType();
+                !inplaceImport) {
+            // existing keystore
+            if (storetype == null) {
+                // Probe for keystore type when filename is available
+                keyStore = KeyStore.getInstance(ksfile, storePass);
+                storetype = keyStore.getType();
+            } else {
+                keyStore = KeyStore.getInstance(storetype);
+                // storePass might be null here, will probably prompt later
+                keyStore.load(ksStream, storePass);
+            }
            if (storetype.equalsIgnoreCase("pkcs12")) {
-                isPasswordlessKeyStore = PKCS12KeyStore.isPasswordless(ksfile);
+                try {
+                    isPasswordlessKeyStore = PKCS12KeyStore.isPasswordless(ksfile);
+                } catch (IOException ioe) {
+                    // This must be a JKS keystore that's opened as a PKCS12
+                }
            }
        } else {
+            // Create new keystore
            if (storetype == null) {
                storetype = KeyStore.getDefaultType();
            }
@ -985,11 +996,9 @@ public final class Main {
                if (inplaceImport) {
                    keyStore.load(null, storePass);
                } else {
+                    // both ksStream and storePass could be null
                    keyStore.load(ksStream, storePass);
                }
-                if (ksStream != null) {
-                    ksStream.close();
-                }
            }
        }

@ -1086,9 +1095,10 @@ public final class Main {
            if (nullStream) {
                keyStore.load(null, storePass);
            } else if (ksStream != null) {
-                ksStream = new FileInputStream(ksfile);
-                keyStore.load(ksStream, storePass);
-                ksStream.close();
+                // Reload with user-provided password
+                try (FileInputStream fis = new FileInputStream(ksfile)) {
+                    keyStore.load(fis, storePass);
+                }
            }
        }