RFR 8172975: SecurityTools.keytool() needs to accept user input

Weijun Wang weijun.wang at oracle.com
Wed Jan 18 14:50:56 UTC 2017


Please review the code changes at

    root: http://cr.openjdk.java.net/~weijun/8172975/root/webrev.00/
    jdk: http://cr.openjdk.java.net/~weijun/8172975/webrev.00/

The fix is in the root repo. This is not an elegant solution because it uses 
a separate method to provide the response. This means you have to clear 
the response if the next keytool call does not need it. This also means 
you cannot run keytool in multiple threads.

I didn't provide the response as an extra argument because there are 
already many overloaded keytool() methods, and I do not want to invent a 
new method name (say, keytoolWithResponse) and implement the same number 
of overloaded methods.

If you are strongly against this solution, I'll think of another way.

The jdk change includes a test for this change, as well as a trivial fix 
for keytool's getYesNoReply() method. Otherwise an NPE is thrown with 
the following command:

    cat untrusted.cert | keytool -importcert -alias a

Thanks
Max
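
The message above does not say why `getYesNoReply()` throws. The sketch below is an added example, not code from the webrev or from keytool, and it assumes the cause is that the piped certificate has already consumed stdin, so the read for the confirmation prompt returns null at end of input. `YesNoPrompt` and `confirm` are hypothetical names; the helper treats a missing answer as "no", so an untrusted certificate is never accepted without an explicit reply.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.PrintStream;
import java.io.StringReader;

public class YesNoPrompt {
    // Hypothetical helper (not keytool's getYesNoReply()): true only on an explicit yes.
    static boolean confirm(BufferedReader in, PrintStream out, String prompt, int maxTries)
            throws IOException {
        for (int i = 0; i < maxTries; i++) {
            out.print(prompt + " [no]:  ");
            out.flush();
            String reply = in.readLine();   // null once the stream is at end of input
            if (reply == null) {
                out.println();
                return false;               // fail closed: no answer means no trust
            }
            reply = reply.trim();
            if (reply.isEmpty() || reply.equalsIgnoreCase("n")
                    || reply.equalsIgnoreCase("no")) {
                return false;               // empty line takes the default, which is "no"
            }
            if (reply.equalsIgnoreCase("y") || reply.equalsIgnoreCase("yes")) {
                return true;
            }
            out.println("Wrong answer, try again");
        }
        return false;                       // retries exhausted: still refuse
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: exhausted stdin, an explicit yes, garbage followed by EOF.
        String[] inputs = { "", "yes\n", "maybe\n" };
        for (String s : inputs) {
            BufferedReader in = new BufferedReader(new StringReader(s));
            boolean trusted = confirm(in, System.out, "Trust this certificate?", 3);
            System.out.println(" -> trusted=" + trusted);
        }
    }
}
```

Only the second constructed input results in `trusted=true`; the exhausted stream and the unrecognized answer followed by end of input both end in a refusal rather than an exception.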


