RFR 8245679: KeyStore cannot probe PKCS12 keystore if BouncyCastle is the top security provider
Weijun Wang
weijun.wang at oracle.com
Mon Jun 8 12:25:04 UTC 2020
Please take a look at
https://cr.openjdk.java.net/~weijun/8245679/webrev.00/
If two providers support the same keystore type, we only try engineProbe() on the 1st one, and fail if it hasn't implemented it. The correct way is to try KeyStoreSpi from all providers.
I also fixed an error that engineProbe() of both JKS and CaseExactJKS would return true on a JKS keystore, since the method is implemented in their common base class. This means there's a chance that a JKS keystore would be recognized as a CaseExactJKS keystore. This is seen after my code change in KeyStore.
Thanks,
Max
More information about the security-dev
mailing list