RFR 8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
Artem Smotrakov
artem.smotrakov at oracle.com
Fri Aug 26 20:48:49 UTC 2016
Hi Svetlana,
DerValue class may be implicitly used in different areas (x509, SSL/TLS,
keystores, maybe krb5, etc). Please make sure that tests from
jdk_security pass.
I'll leave the main review to someone who is more knowledgeable in this
area, here are a couple of comments:
- Please update copyright year
- You may want to replace new byte[] + System.arraycopy() by
Arrays.copyOfRange()
- It may be better to add a separate test case in ReadP12Test.java for
SequenceInputStream instead of loading a keystore twice in each call to
readTest(). One test with SequenceInputStream seems to be enough, and it
would make the logic of readTest() clearer.
Artem
On 08/26/2016 10:58 AM, Svetlana Nikandrova wrote:
> Hello,
>
> please review this fix. It's not possible to read PKCS12 keystore with
> big undefined length DER value in it from SequenceInputStream. Root
> cause of the problem is that sun.security.util.DerValue relays on
> InputStream.available() to get a complete 'indefinite.length' section
> length and then read it, but for SequenceInputStream this method
> returns number of available bytes only for current input stream, not
> the whole sequence. Fixed to read all available data.
>
> JBS:
> https://bugs.openjdk.java.net/browse/JDK-8157404
> Webrev:
> http://cr.openjdk.java.net/~snikandrova/8157404/webrev.00/
> <http://cr.openjdk.java.net/%7Esnikandrova/8157404/webrev.00/>
>
> Thanks,
> Svetlana
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160826/e0ef2e59/attachment.htm>
More information about the security-dev
mailing list