RFR: 8279066: entries.remove(entry) is useless in PKCS12KeyStore [v2]
Weijun Wang
weijun at openjdk.java.net
Tue Dec 21 21:42:56 UTC 2021
> Before password-less PKCS12 keystores are supported, certificates in a PKCS12 file are always encrypted. Therefore if one loads the keystore with a null pass, it contains `PrivateKeyEntry`s without certificates. This has always been awkward (and most likely useless) so when JDK-8076190 introduced the password-less feature I also added a line to remove such an entry.
>
> https://github.com/openjdk/jdk/blob/a729a70c0119ed071ff490b0dfd4e3e2cb1a5ae4/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#L2272
>
> Unfortunately, the line is not coded correctly, it should have been `remove(key)` but here it's `remove(value)`.
>
> This code change correctly removes the entry.
>
> That said, this behavior, although weird, has been there from the beginning since PKCS12 keystore was introduced. If you can find out a usage of a private key entry without any certificate and think it's worth kept that way, I can simply remove the `remove` call and leave the entry there.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
just ignore it
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/6910/files
- new: https://git.openjdk.java.net/jdk/pull/6910/files/ed6ee075..844bf487
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=6910&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=6910&range=00-01
Stats: 98 lines in 3 files changed: 0 ins; 92 del; 6 mod
Patch: https://git.openjdk.java.net/jdk/pull/6910.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/6910/head:pull/6910
PR: https://git.openjdk.java.net/jdk/pull/6910
More information about the security-dev
mailing list