RFR [10]: 8194307: KeyStore#getInstance with custom LoadStoreParameter succeeds with invalid password
Sean Mullan
sean.mullan at oracle.com
Wed Jan 17 22:36:11 UTC 2018
Please review this tck-red bug that needs to be fixed in JDK 10.
bug: https://bugs.openjdk.java.net/browse/JDK-8194307
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8194307/webrev.00/
The current fix is slightly limited in that it doesn't allow the
LoadStoreParameter to be passed onto the underlying KeyStore, but that
would require an additional API change (an overloaded KeyStore.load
method that takes an InputStream and a LoadStoreParameter). Also, none
of the existing JDK KeyStore file-based implementations support
LoadStoreParameters, so this fix should be sufficient for now or until
someone needs or requests that functionality.
Thanks,
Sean
More information about the security-dev
mailing list