RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore

Weijun Wang weijun at openjdk.java.net
Mon Oct 25 23:44:13 UTC 2021

On Mon, 25 Oct 2021 17:02:10 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> You can create a password-less PKCS12 KeyStore file now by calling `ks.store(outStream, null)` no matter what the default cert protection algorithm and Mac algorithm are defined in `java.security`.
>> Note: the system properties set in `ToolsJDK.gmk` to generate `cacerts` must be retained (at the moment) because the tool is launched with BOOT_JDK.
> test/jdk/sun/security/pkcs12/EmptyPassword.java line 57:
>> 55:                 });
>> 56: 
>> 57:         // 8202299: interop before new char[0] and new char[1]
> Can you make this comment more descriptive? Not sure what "before" means. Is this just making sure you can store a keystore and key entry with "\0" as the password and load it back with ""? Should you also try to load it back with "\0" too?

Typo: s/before/between/.

I'll add one with "\0". That should always work since it's the same password used in load() and store().


PR: https://git.openjdk.java.net/jdk/pull/5950

More information about the security-dev mailing list