[8u] RFR: 8076190: Customizing the generation of a PKCS12 keystore

Hohensee, Paul hohensee at amazon.com
Fri Aug 6 16:40:34 UTC 2021


Lgtm.

Thanks,
Paul

-----Original Message-----
From: jdk8u-dev <jdk8u-dev-retn at openjdk.java.net> on behalf of Alexey Bakhtin <alexey at azul.com>
Date: Wednesday, August 4, 2021 at 4:46 AM
To: jdk8u-dev <jdk8u-dev at openjdk.java.net>
Cc: Andrew Hughes <gnu.andrew at redhat.com>
Subject: Re: [8u] RFR: 8076190: Customizing the generation of a PKCS12 keystore

Gentle ping.

All preceding patches in the series are already committed to 8u.
This feature minimizes behavior differences between JKS and PKCS12 keystores. Also, it fixes the issue with incorrectly decoded KDF algorithm as described in JDK-8245169 [5].

JBS: https://bugs.openjdk.java.net/browse/JDK-8076190
CSR: https://bugs.openjdk.java.net/browse/JDK-8267040
Original patch: http://hg.openjdk.java.net/jdk/jdk/rev/2457d862a646
8u webrev: http://cr.openjdk.java.net/~abakhtin/8076190_8u/webrev.v0/


Patch does not apply cleanly:
- src/share/classes/com/sun/crypto/provider/SunJCE.java does not have JDK-7092821 [2], so Mac.HmacPBESHA algorithms registration is performed in the old 8u style
- src/java.base/share/classes/java/security/KeyStore.java - javadoc for getProtectionAlgorithm() method is not changed similar to OpenJDK11 changes
- src/share/classes/sun/security/tools/keytool/Main.java - PKCS12 is not default keystore in JDK8u, so I have to modify implementation of PKCS12 password-less detection
- update all src/share/lib/security/java.security-* property files
- test/jdk/sun/security/pkcs12/ParamsPreferences.java
   - Path.of replaced by Paths.get
   - added "-storetype PKCS12" options to generate PKCS12 keystore
- test/sun/security/pkcs12/ParamsTest.java
   - replace missing transferTo() implementation
   - Path.of replaced by Paths.get
   - use "-storetype PKCS12" to force PKCS12 keystore generation
   - load keystore using FileInputStream because of missing KeyStore.getInstance(File) method
- /test/jdk/sun/security/tools/keytool/ProbingFailure.java - JDK-8214100 [4] is not backported to JDK8u because of no KeyStore.getInstance(File) in the JDK8u. Changes are skipped because of no such test.
- jdk/test/lib/security/DerUtils.java already added by JDK-8230978 [3]

sun/security/pkcs12 and sun/security/tools/keytool tests passed.

[2] https://bugs.openjdk.java.net/browse/JDK-7092821
[3] https://bugs.openjdk.java.net/browse/JDK-8230978
[4] https://bugs.openjdk.java.net/browse/JDK-8214100
[5] https://bugs.openjdk.java.net/browse/JDK-8245169



> On 17 May 2021, at 07:40, Andrew Hughes <gnu.andrew at redhat.com> wrote:
>
> On 21:37 Thu 06 May     , Alexey Bakhtin wrote:
>> Hi,
>>
>> Please review the backport of JDK-8076190 to 8u for parity with Oracle.
>> This feature minimizes behavior differences between JKS and PKCS12 keystores. Also, it fixes the issue with incorrectly decoded KDF algorithm as described in JDK-8245169 [5]
>>
>> JDK-8076190 depends on the series of PKCS12 related fixes, so this patch should be applied as a series of backports:
>>
> snip...
>
> Please keep to one backport per thread.
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> OpenJDK Package Owner
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
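
As an added illustration (not part of the thread and not code from the patch), the following Java 8 compatible program writes and reloads a PKCS12 keystore with customized protection parameters, using the 8u adaptations listed in the message above: an explicit PKCS12 store type, `Paths.get`, and loading through a `FileInputStream`. The `keystore.pkcs12.*` property names come from the JDK-8076190 feature and do not appear in the thread; the class name, alias, password and file name are constructed, and a runtime without the backport ignores the properties and falls back to its built-in defaults.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs12ParamsDemo {          // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Properties added by JDK-8076190 (names are not quoted in the thread).
        Security.setProperty("keystore.pkcs12.keyProtectionAlgorithm",
                "PBEWithHmacSHA256AndAES_256");
        Security.setProperty("keystore.pkcs12.keyPbeIterationCount", "10000");
        Security.setProperty("keystore.pkcs12.macAlgorithm", "HmacPBESHA256");
        Security.setProperty("keystore.pkcs12.macIterationCount", "10000");

        char[] pass = "changeit".toCharArray();      // constructed sample value
        // Paths.get instead of Path.of, which only exists from Java 11.
        Path file = Paths.get(System.getProperty("java.io.tmpdir"), "demo.p12");
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Ask for PKCS12 explicitly: it is not the default store type in 8u.
        KeyStore out = KeyStore.getInstance("PKCS12");
        out.load(null, null);
        out.setEntry("demo", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(pass));
        try (OutputStream os = new FileOutputStream(file.toFile())) {
            out.store(os, pass);                     // key PBE and MAC applied here
        }

        // 8u has no KeyStore.getInstance(File, char[]); load through a stream.
        KeyStore in = KeyStore.getInstance("PKCS12");
        try (InputStream is = new FileInputStream(file.toFile())) {
            in.load(is, pass);                       // MAC is verified on load
        }
        SecretKey back = (SecretKey) in.getKey("demo", pass);
        if (!Arrays.equals(key.getEncoded(), back.getEncoded())) {
            throw new IllegalStateException("PKCS12 round trip failed");
        }
        System.out.println("PKCS12 round trip OK");
        Files.delete(file);
    }
}
```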



