RFR 8172975: SecurityTools.keytool() needs to accept user input
Artem Smotrakov
artem.smotrakov at oracle.com
Thu Jan 19 13:40:42 UTC 2017
Hi Max,
In general, looks okay.
Would it be better if it called redirectInput() only if the response
file exists? keytool() method might also delete the response file after
reading it. These two measures may prevent situations when the response
file is unnecessary used.
What do you think?
Artem
On 01/18/2017 05:50 PM, Weijun Wang wrote:
> Please review the code changes at
>
> root: http://cr.openjdk.java.net/~weijun/8172975/root/webrev.00/
> jdk: http://cr.openjdk.java.net/~weijun/8172975/webrev.00/
>
> The fix is in root repo. This is not an elegant solution because it
> uses a separate method to provide the response. This means you have to
> clear the response if the next keytool call does not need it. This
> also means you cannot run keytool in multiple threads.
>
> I didn't provide the response as an extra argument because there are
> already many overloaded keytool() methods, and I do not want to invent
> a new method name (say, keytoolWithResponse) and implement the same
> number of overloaded methods.
>
> If you are strongly against this solution, I'll think of another way.
>
> The jdk change includes a test for this change, as well as a trivial
> fix for keytool's getYesNoReply() method. Otherwise an NPE is thrown
> with the following command:
>
> cat untrusted.cert | keytool -importcert -alias a
>
> Thanks
> Max
More information about the security-dev
mailing list