8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry

Reviewed-by: djelinski, mullan
Weijun Wang 2023-10-02 21:53:12 +00:00
parent e25121d1d9
commit d2e2c4cef1
3 changed files with 257 additions and 9 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -705,6 +705,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// set the alias
entry.alias = alias.toLowerCase(Locale.ENGLISH);
// add the entry
populateAttributes(entry);
entries.put(alias.toLowerCase(Locale.ENGLISH), entry);
} catch (KeyStoreException kse) {
@ -785,6 +786,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// add the entry
privateKeyCount++;
populateAttributes(entry);
entries.put(alias.toLowerCase(Locale.ENGLISH), entry);
}
@ -988,6 +990,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
new CertEntry((X509Certificate) cert, null, alias, AnyUsage,
attributes);
certificateCount++;
populateAttributes(certEntry);
entries.put(alias.toLowerCase(Locale.ENGLISH), certEntry);
if (debug != null) {
@ -1264,7 +1267,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
return super.engineGetAttributes(alias);
}
Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
return Collections.unmodifiableSet(new HashSet<>(getAttributes(entry)));
return Collections.unmodifiableSet(new HashSet<>(entry.attributes));
}
/**
@ -1313,7 +1316,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
return new KeyStore.TrustedCertificateEntry(
((CertEntry)entry).cert, getAttributes(entry));
((CertEntry)entry).cert, entry.attributes);
}
} else {
throw new UnrecoverableKeyException
@ -1335,12 +1338,12 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
Certificate[] chain = engineGetCertificateChain(alias);
return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain,
getAttributes(entry));
entry.attributes);
} else if (key instanceof SecretKey) {
return new KeyStore.SecretKeyEntry((SecretKey)key,
getAttributes(entry));
entry.attributes);
}
} else if (!engineIsKeyEntry(alias)) {
throw new UnsupportedOperationException
@ -1429,9 +1432,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
/*
* Assemble the entry attributes
* Populate the entry with additional attributes used by the implementation.
*/
private Set<KeyStore.Entry.Attribute> getAttributes(Entry entry) {
private void populateAttributes(Entry entry) {
if (entry.attributes == null) {
entry.attributes = new HashSet<>();
@ -1464,8 +1467,6 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
}
}
return entry.attributes;
}
/*
@ -2522,6 +2523,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
alias = getUnfriendlyName();
}
entry.alias = alias;
populateAttributes(entry);
entries.put(alias.toLowerCase(Locale.ENGLISH), entry);
} else if (bagItem instanceof X509Certificate cert) {
@ -2543,6 +2545,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
CertEntry certEntry =
new CertEntry(cert, keyId, alias, trustedKeyUsage,
attributes);
populateAttributes(certEntry);
entries.put(alias.toLowerCase(Locale.ENGLISH), certEntry);
} else {
certEntries.add(new CertEntry(cert, keyId, alias));
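Review bot: Every reader now assumes `entry.attributes` was filled in before the entry was put into `entries`, but nothing in the new code states or enforces that ordering. `engineGetAttributes` now does `new HashSet<>(entry.attributes)`, which throws a NullPointerException if any path stores an entry without calling `populateAttributes` first, where the old lazy `getAttributes` would have created the set on demand. The `entries.put` sites visible in these hunks are all preceded by the call, but any put site outside them should be checked. I would extend the block comment on `populateAttributes` to record the contract, for example `Must be called before the entry is added to entries; readers use entry.attributes as-is and never modify it.` The body of `populateAttributes` is only partly visible in this section.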