RFR [10]: 8194307: KeyStore#getInstance with custom LoadStoreParameter succeeds with invalid password

Sean Mullan sean.mullan at oracle.com
Wed Jan 17 22:36:11 UTC 2018


Please review this tck-red bug that needs to be fixed in JDK 10.

bug: https://bugs.openjdk.java.net/browse/JDK-8194307
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8194307/webrev.00/

The current fix is slightly limited in that it doesn't allow the 
LoadStoreParameter to be passed onto the underlying KeyStore, but that 
would require an additional API change (an overloaded KeyStore.load 
method that takes an InputStream and a LoadStoreParameter). Also, none 
of the existing JDK KeyStore file-based implementations support 
LoadStoreParameters, so this fix should be sufficient for now or until 
someone needs or requests that functionality.

Thanks,
Sean


More information about the security-dev mailing list