RFR [10]: 8194307: KeyStore#getInstance with custom LoadStoreParameter succeeds with invalid password

Weijun Wang weijun.wang at oracle.com
Thu Jan 18 10:54:36 UTC 2018

The code change looks fine to me.

Do you mean that getInstance(File, LoadStoreParameter) should have never been invented because a static password should always be enough for a static file?


> On Jan 18, 2018, at 6:36 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> Please review this tck-red bug that needs to be fixed in JDK 10.
> bug: https://bugs.openjdk.java.net/browse/JDK-8194307
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8194307/webrev.00/
> The current fix is slightly limited in that it doesn't allow the LoadStoreParameter to be passed onto the underlying KeyStore, but that would require an additional API change (an overloaded KeyStore.load method that takes an InputStream and a LoadStoreParameter). Also, none of the existing JDK KeyStore file-based implementations support LoadStoreParameters, so this fix should be sufficient for now or until someone needs or requests that functionality.
> Thanks,
> Sean

More information about the security-dev mailing list