archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8231139: Improved keystore support

Browse source 
Reviewed-by: mullan, ahgross
This commit is contained in:
Weijun Wang 2019-10-09 17:42:38 +08:00
parent af20c6b9c4
commit f3815c85a1
10 changed files with 64 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

61
src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java
View file

@ -26,6 +26,7 @@
package com.sun.crypto.provider;
import sun.security.util.Debug;
import sun.security.util.IOUtils;
import java.io.*;
import java.util.*;
@ -73,7 +74,7 @@ public final class JceKeyStore extends KeyStoreSpi {
private static final class PrivateKeyEntry {
Date date; // the creation date of this entry
byte[] protectedKey;
Certificate chain[];
Certificate[] chain;
};
// Secret key
@ -742,23 +743,11 @@ public final class JceKeyStore extends KeyStoreSpi {
entry.date = new Date(dis.readLong());
// read the private key
try {
entry.protectedKey = new byte[dis.readInt()];
} catch (OutOfMemoryError e) {
throw new IOException("Keysize too big");
}
dis.readFully(entry.protectedKey);
entry.protectedKey = IOUtils.readExactlyNBytes(dis, dis.readInt());
// read the certificate chain
int numOfCerts = dis.readInt();
try {
if (numOfCerts > 0) {
entry.chain = new Certificate[numOfCerts];
}
} catch (OutOfMemoryError e) {
throw new IOException("Too many certificates in "
+ "chain");
}
List<Certificate> tmpCerts = new ArrayList<>();
for (int j = 0; j < numOfCerts; j++) {
if (xVersion == 2) {
// read the certificate type, and instantiate a
@ -766,27 +755,24 @@ public final class JceKeyStore extends KeyStoreSpi {
// existing factory if possible)
String certType = dis.readUTF();
if (cfs.containsKey(certType)) {
// reuse certificate factory
// reuse certificate factory
cf = cfs.get(certType);
} else {
// create new certificate factory
// create new certificate factory
cf = CertificateFactory.getInstance(
certType);
// store the certificate factory so we can
// reuse it later
// store the certificate factory so we can
// reuse it later
cfs.put(certType, cf);
}
}
// instantiate the certificate
try {
encoded = new byte[dis.readInt()];
} catch (OutOfMemoryError e) {
throw new IOException("Certificate too big");
}
dis.readFully(encoded);
encoded = IOUtils.readExactlyNBytes(dis, dis.readInt());
bais = new ByteArrayInputStream(encoded);
entry.chain[j] = cf.generateCertificate(bais);
tmpCerts.add(cf.generateCertificate(bais));
}
entry.chain = tmpCerts.toArray(
new Certificate[numOfCerts]);
// Add the entry to the list
entries.put(alias, entry);
@ -818,12 +804,7 @@ public final class JceKeyStore extends KeyStoreSpi {
cfs.put(certType, cf);
}
}
try {
encoded = new byte[dis.readInt()];
} catch (OutOfMemoryError e) {
throw new IOException("Certificate too big");
}
dis.readFully(encoded);
encoded = IOUtils.readExactlyNBytes(dis, dis.readInt());
bais = new ByteArrayInputStream(encoded);
entry.cert = cf.generateCertificate(bais);
@ -882,18 +863,14 @@ public final class JceKeyStore extends KeyStoreSpi {
* with
*/
if (password != null) {
byte computed[], actual[];
computed = md.digest();
actual = new byte[computed.length];
dis.readFully(actual);
for (int i = 0; i < computed.length; i++) {
if (computed[i] != actual[i]) {
throw new IOException(
byte[] computed = md.digest();
byte[] actual = IOUtils.readExactlyNBytes(dis, computed.length);
if (!MessageDigest.isEqual(computed, actual)) {
throw new IOException(
"Keystore was tampered with, or "
+ "password was incorrect",
new UnrecoverableKeyException(
"Password verification failed"));
}
new UnrecoverableKeyException(
"Password verification failed"));
}
}
} finally {