RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore
Sean Mullan
mullan at openjdk.java.net
Mon Oct 25 20:49:06 UTC 2021
On Thu, 14 Oct 2021 14:43:32 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> You can create a password-less PKCS12 KeyStore file now by calling `ks.store(outStream, null)` no matter what the default cert protection algorithm and Mac algorithm are defined in `java.security`.
>
> Note: the system properties set in `ToolsJDK.gmk` to generate `cacerts` must be retained (at the moment) because the tool is launched with BOOT_JDK.
test/jdk/sun/security/pkcs12/EmptyPassword.java line 27:
> 25: * @test
> 26: * @bug 8202299 8231107
> 27: * @modules java.base/sun.security.tools.keytool
Can you add an @summary?
test/jdk/sun/security/pkcs12/EmptyPassword.java line 57:
> 55: });
> 56:
> 57: // 8202299: interop before new char[0] and new char[1]
Can you make this comment more descriptive? Not sure what "before" means. Is this just making sure you can store a keystore and key entry with "\0" as the password and load it back with ""? Should you also try to load it back with "\0" too?
-------------
PR: https://git.openjdk.java.net/jdk/pull/5950
More information about the security-dev
mailing list