RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore
Weijun Wang
weijun at openjdk.java.net
Mon Oct 25 23:44:13 UTC 2021
On Mon, 25 Oct 2021 17:02:10 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> You can create a password-less PKCS12 KeyStore file now by calling `ks.store(outStream, null)` no matter what the default cert protection algorithm and Mac algorithm are defined in `java.security`.
>>
>> Note: the system properties set in `ToolsJDK.gmk` to generate `cacerts` must be retained (at the moment) because the tool is launched with BOOT_JDK.
>
> test/jdk/sun/security/pkcs12/EmptyPassword.java line 57:
>
>> 55: });
>> 56:
>> 57: // 8202299: interop before new char[0] and new char[1]
>
> Can you make this comment more descriptive? Not sure what "before" means. Is this just making sure you can store a keystore and key entry with "\0" as the password and load it back with ""? Should you also try to load it back with "\0" too?
Typo: s/before/between/.
I'll add one with "\0". That should always work since it's the same password used in load() and store().
-------------
PR: https://git.openjdk.java.net/jdk/pull/5950
More information about the security-dev
mailing list