RFR: 8306688: Support Windows serialized keystores (SST files)

Weijun Wang weijun at openjdk.org
Thu Jun 1 17:10:06 UTC 2023


On Fri, 26 May 2023 21:09:35 GMT, Mat Carter <macarte at openjdk.org> wrote:

> Added ability to load keystores from SST files on Windows.  Example usage:
> 
> KeyStore keyStore = KeyStore.getInstance("Windows-SST");
> try (FileInputStream fis = new FileInputStream("mykeystore.sst")) {
>    keyStore.load(fis, null);
> }
> 
> Note that it's not limited to file streams; it can be any stream.
> 
> The feature is behind a runtime flag ("sun.security.mscapi.keyStoreSSTSupport") as the KeyStore must have an input stream, but the JCK tests assume an input stream is optional.
> 
> tier1 tests for linux/macos/Windows for x86_64

But the `store` method works on an output stream. Once you've created a `new FileOutputStream(fileName)`, even if you do nothing later, the file is already overwritten.

Try keytool with your new keystore type and see what happens if you make any modification, say, `keytool -changealias`. (I haven't tried. I haven't tried your code on a Windows machine yet).

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14187#issuecomment-1572451281
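
The truncation described in the reply above, as an added example that is not part of the original message or of the PR. The `Store` interface and both helper methods are hypothetical, and the sample bytes are constructed. Opening the `FileOutputStream` empties the existing file before a do-nothing `store` runs, while the temp-file variant leaves the original untouched.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

public class TruncateOnOpenDemo {
    // Hypothetical stand-in for a keystore whose store() writes nothing.
    interface Store { void store(OutputStream out) throws IOException; }

    // Pattern from the reply: the stream is opened on the real file first.
    static long storeInPlace(Path file, Store ks) throws IOException {
        try (OutputStream out = new FileOutputStream(file.toFile())) {
            ks.store(out);  // the file was already truncated by the constructor
        }
        return Files.size(file);
    }

    // Caller-side alternative: write to a sibling temp file, replace only if data was produced.
    static long storeViaTemp(Path file, Store ks) throws IOException {
        Path tmp = Files.createTempFile(file.toAbsolutePath().getParent(), "ks", ".tmp");
        try {
            try (OutputStream out = Files.newOutputStream(tmp)) {
                ks.store(out);
            }
            if (Files.size(tmp) > 0) {
                Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING);
            }
        } finally {
            Files.deleteIfExists(tmp);  // no-op when the move succeeded
        }
        return Files.size(file);
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = "constructed placeholder bytes, not a real SST file".getBytes();
        Store noOp = out -> { };  // writes nothing, like a read-only keystore type
        Path a = Files.createTempFile("demo-a", ".sst");
        Path b = Files.createTempFile("demo-b", ".sst");
        Files.write(a, sample);
        Files.write(b, sample);
        System.out.println("in place: " + storeInPlace(a, noOp) + " bytes left");
        System.out.println("via temp: " + storeViaTemp(b, noOp) + " bytes left");
        Files.delete(a);
        Files.delete(b);
    }
}
```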


