8189997: Enhance keystore mechanisms

8194259: keytool error: java.io.IOException: Invalid secret key format Reviewed-by: mullan, valeriep, rriggs, ahgross
2025-08-27 06:45:07 +02:00 · 2018-01-12 08:06:24 +08:00 · 2018-01-12 08:06:24 +08:00 · 8fb70c710a
commit 8fb70c710a
parent 3d7092e9a2
7 changed files with 163 additions and 68 deletions
--- a/src/java.base/share/classes/javax/crypto/SealedObject.java
+++ b/src/java.base/share/classes/javax/crypto/SealedObject.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@

 package javax.crypto;

+import jdk.internal.misc.SharedSecrets;
+
 import java.io.*;
 import java.security.AlgorithmParameters;
 import java.security.Key;
@ -287,17 +289,7 @@ public class SealedObject implements Serializable {
        throws IOException, ClassNotFoundException, IllegalBlockSizeException,
            BadPaddingException
    {
-        /*
-         * Unseal the object
-         */
-        byte[] content = c.doFinal(this.encryptedContent);
-
-        /*
-         * De-serialize it
-         */
-        // creating a stream pipe-line, from b to a
-        ByteArrayInputStream b = new ByteArrayInputStream(content);
-        ObjectInput a = new extObjectInputStream(b);
+        ObjectInput a = getExtObjectInputStream(c);
        try {
            Object obj = a.readObject();
            return obj;
@ -417,17 +409,7 @@ public class SealedObject implements Serializable {
            throw new RuntimeException(iape.getMessage());
        }

-        /*
-         * Unseal the object
-         */
-        byte[] content = c.doFinal(this.encryptedContent);
-
-        /*
-         * De-serialize it
-         */
-        // creating a stream pipe-line, from b to a
-        ByteArrayInputStream b = new ByteArrayInputStream(content);
-        ObjectInput a = new extObjectInputStream(b);
+        ObjectInput a = getExtObjectInputStream(c);
        try {
            Object obj = a.readObject();
            return obj;
@ -450,6 +432,19 @@ public class SealedObject implements Serializable {
        if (encodedParams != null)
            encodedParams = encodedParams.clone();
    }
+
+    // This method is also called inside SealedObjectForKeyProtector.java.
+    private ObjectInputStream getExtObjectInputStream(Cipher c)
+            throws BadPaddingException, IllegalBlockSizeException, IOException {
+
+        byte[] content = c.doFinal(this.encryptedContent);
+        ByteArrayInputStream b = new ByteArrayInputStream(content);
+        return new extObjectInputStream(b);
+    }
+
+    static {
+        SharedSecrets.setJavaxCryptoSealedObjectAccess((obj,c) -> obj.getExtObjectInputStream(c));
+    }
 }

 final class extObjectInputStream extends ObjectInputStream {