RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore

Sean Mullan mullan at openjdk.java.net
Mon Oct 25 20:49:06 UTC 2021


On Thu, 14 Oct 2021 14:43:32 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> You can create a password-less PKCS12 KeyStore file now by calling `ks.store(outStream, null)` no matter what the default cert protection algorithm and Mac algorithm are defined in `java.security`.
> 
> Note: the system properties set in `ToolsJDK.gmk` to generate `cacerts` must be retained (at the moment) because the tool is launched with BOOT_JDK.

test/jdk/sun/security/pkcs12/EmptyPassword.java line 27:

> 25:  * @test
> 26:  * @bug 8202299 8231107
> 27:  * @modules java.base/sun.security.tools.keytool

Can you add an @summary?

test/jdk/sun/security/pkcs12/EmptyPassword.java line 57:

> 55:                 });
> 56: 
> 57:         // 8202299: interop before new char[0] and new char[1]

Can you make this comment more descriptive? Not sure what "before" means. Is this just making sure you can store a keystore and key entry with "\0" as the password and load it back with ""? Should you also try to load it back with "\0" too?

-------------

PR: https://git.openjdk.java.net/jdk/pull/5950


More information about the security-dev mailing list