archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8231139: Improved keystore support

Browse source 
Reviewed-by: mullan, ahgross
This commit is contained in:
Weijun Wang 2019-10-09 17:42:38 +08:00
parent af20c6b9c4
commit f3815c85a1
10 changed files with 64 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/java.base/share/classes/sun/security/provider/JavaKeyStore.java
View file

@ -697,7 +697,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
// Read the private key
entry.protectedPrivKey =
IOUtils.readFully(dis, dis.readInt(), true);
IOUtils.readExactlyNBytes(dis, dis.readInt());
// Read the certificate chain
int numOfCerts = dis.readInt();
@ -722,7 +722,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
}
}
// instantiate the certificate
encoded = IOUtils.readFully(dis, dis.readInt(), true);
encoded = IOUtils.readExactlyNBytes(dis, dis.readInt());
bais = new ByteArrayInputStream(encoded);
certs.add(cf.generateCertificate(bais));
bais.close();
@ -761,7 +761,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
cfs.put(certType, cf);
}
}
encoded = IOUtils.readFully(dis, dis.readInt(), true);
encoded = IOUtils.readExactlyNBytes(dis, dis.readInt());
bais = new ByteArrayInputStream(encoded);
entry.cert = cf.generateCertificate(bais);
bais.close();
@ -787,16 +787,13 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
*/
if (password != null) {
byte[] computed = md.digest();
byte[] actual = new byte[computed.length];
dis.readFully(actual);
for (int i = 0; i < computed.length; i++) {
if (computed[i] != actual[i]) {
Throwable t = new UnrecoverableKeyException
byte[] actual = IOUtils.readExactlyNBytes(dis, computed.length);
if (!MessageDigest.isEqual(computed, actual)) {
Throwable t = new UnrecoverableKeyException
("Password verification failed");
throw (IOException)new IOException
throw (IOException) new IOException
("Keystore was tampered with, or "
+ "password was incorrect").initCause(t);
}
+ "password was incorrect").initCause(t);
}
}
}

2
src/java.base/share/classes/sun/security/util/DerValue.java
View file

@ -395,7 +395,7 @@ public class DerValue {
if (fullyBuffered && in.available() != length)
throw new IOException("extra data given to DerValue constructor");
byte[] bytes = IOUtils.readFully(in, length, true);
byte[] bytes = IOUtils.readExactlyNBytes(in, length);
buffer = new DerInputBuffer(bytes, allowBER);
return new DerInputStream(buffer);

72
src/java.base/share/classes/sun/security/util/IOUtils.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,68 +32,34 @@ package sun.security.util;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
public class IOUtils {
/**
* Read up to {@code length} of bytes from {@code in}
* until EOF is detected.
* @param is input stream, must not be null
* @param length number of bytes to read
* @param readAll if true, an EOFException will be thrown if not enough
* bytes are read.
* @return bytes read
* @throws IOException Any IO error or a premature EOF is detected
*/
public static byte[] readFully(InputStream is, int length, boolean readAll)
throws IOException {
if (length < 0) {
throw new IOException("Invalid length");
}
byte[] output = {};
int pos = 0;
while (pos < length) {
int bytesToRead;
if (pos >= output.length) { // Only expand when there's no room
bytesToRead = Math.min(length - pos, output.length + 1024);
if (output.length < pos + bytesToRead) {
output = Arrays.copyOf(output, pos + bytesToRead);
}
} else {
bytesToRead = output.length - pos;
}
int cc = is.read(output, pos, bytesToRead);
if (cc < 0) {
if (readAll) {
throw new EOFException("Detect premature EOF");
} else {
if (output.length != pos) {
output = Arrays.copyOf(output, pos);
}
break;
}
}
pos += cc;
}
return output;
}
/**
* Read {@code length} of bytes from {@code in}. An exception is
* thrown if there are not enough bytes in the stream.
* Read exactly {@code length} of bytes from {@code in}.
*
* <p> Note that this method is safe to be called with unknown large
* {@code length} argument. The memory used is proportional to the
* actual bytes available. An exception is thrown if there are not
* enough bytes in the stream.
*
* @param is input stream, must not be null
* @param length number of bytes to read, must not be negative
* @param length number of bytes to read
* @return bytes read
* @throws IOException if any IO error or a premature EOF is detected, or
* if {@code length} is negative since this length is usually also
* read from {@code is}.
* @throws EOFException if there are not enough bytes in the stream
* @throws IOException if an I/O error occurs or {@code length} is negative
* @throws OutOfMemoryError if an array of the required size cannot be
* allocated.
*/
public static byte[] readNBytes(InputStream is, int length) throws IOException {
public static byte[] readExactlyNBytes(InputStream is, int length)
throws IOException {
if (length < 0) {
throw new IOException("length cannot be negative: " + length);
}
return readFully(is, length, true);
byte[] data = is.readNBytes(length);
if (data.length < length) {
throw new EOFException();
}
return data;
}
}