
src/java.base/share/classes/sun/security/tools/keytool/Main.java

rev 48217 : 8192988: keytool should support -storepasswd for pkcs12 keystores

@@ -1056,15 +1056,10 @@
             if (keyPass != null && !Arrays.equals(storePass, keyPass)) {
                 Object[] source = {"-keypass"};
                 System.err.println(form.format(source));
                 keyPass = storePass;
             }
-            if (newPass != null && !Arrays.equals(storePass, newPass)) {
-                Object[] source = {"-new"};
-                System.err.println(form.format(source));
-                newPass = storePass;
-            }
             if (destKeyPass != null && !Arrays.equals(storePass, destKeyPass)) {
                 Object[] source = {"-destkeypass"};
                 System.err.println(form.format(source));
                 destKeyPass = storePass;
             }

@@ -1241,14 +1236,11 @@
             doPrintCert(out);
         } else if (command == SELFCERT) {
             doSelfCert(alias, dname, sigAlgName);
             kssave = true;
         } else if (command == STOREPASSWD) {
-            storePassNew = newPass;
-            if (storePassNew == null) {
-                storePassNew = getNewPasswd("keystore password", storePass);
-            }
+            doChangeStorePasswd();
             kssave = true;
         } else if (command == GENCERT) {
             if (alias == null) {
                 alias = keyAlias;
             }

@@ -2256,12 +2248,13 @@
         char[] newPass = null;
         if (destKeyPass != null) {
             newPass = destKeyPass;
             pp = new PasswordProtection(destKeyPass);
         } else if (objs.snd != null) {
-            newPass = objs.snd;
-            pp = new PasswordProtection(objs.snd);
+            newPass = P12KEYSTORE.equalsIgnoreCase(storetype) ?
+                    storePass : objs.snd;
+            pp = new PasswordProtection(newPass);
         }
 
         try {
             Certificate c = srckeystore.getCertificate(alias);
             if (c != null) {
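Review bot: The `else if (objs.snd != null)` guard no longer covers the value that reaches `new PasswordProtection(newPass)`: in the PKCS12 branch of the ternary the password is `storePass`, which is not null-checked anywhere in this hunk. If `storePass` can still be null here (this depends on code outside the hunk), the entry would be written with a null-password protection instead of failing early. I would either check it explicitly or state the invariant in a comment, for example `// PKCS12: key password must equal the destination store password (storePass is non-null here)`. The enclosing method starts and ends outside the hunk, so it should also be confirmed that `storetype` refers to the destination keystore.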

@@ -2760,10 +2753,32 @@
             } else {
                 printCertFromStream(System.in, out);
             }
         }
     }
+
+    private void doChangeStorePasswd() throws Exception {
+        storePassNew = newPass;
+        if (storePassNew == null) {
+            storePassNew = getNewPasswd("keystore password", storePass);
+        }
+        if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
+            // When storetype is PKCS12, we need to change all keypass as well
+            for (String alias : Collections.list(keyStore.aliases())) {
+                if (!keyStore.isCertificateEntry(alias)) {
+                    // keyPass should be either null or same with storePass,
+                    // but keep it in case one day we want to "normalize"
+                    // a PKCS12 keystore having different passwords.
+                    Pair<Entry, char[]> objs
+                            = recoverEntry(keyStore, alias, storePass, keyPass);
+                    keyStore.setEntry(alias, objs.fst,
+                            new PasswordProtection(storePassNew));
+                }
+            }
+        }
+    }
+
     /**
      * Creates a self-signed certificate, and stores it as a single-element
      * certificate chain.
      */
     private void doSelfCert(String alias, String dname, String sigAlgName)
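Review bot: In `doChangeStorePasswd`, `new PasswordProtection(storePassNew)` is built inside the loop and never destroyed, so one cloned copy of the new store password per non-certificate entry stays on the heap until garbage collection. A single protection object created before the loop and destroyed in a `finally` keeps that to one short-lived copy. This assumes the keystore provider consumes the password during `setEntry`, which should be confirmed for the PKCS12 provider. The recovered key password in `objs.snd` is likewise dropped without being cleared. The new method also has no Javadoc, unlike `doSelfCert` just below it; a one-line summary saying that for PKCS12 every non-certificate entry is re-protected with the new store password would help.

```java
        if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
            PasswordProtection newProt = new PasswordProtection(storePassNew);
            try {
                for (String alias : Collections.list(keyStore.aliases())) {
                    // … unchanged: isCertificateEntry check and recoverEntry call …
                    keyStore.setEntry(alias, objs.fst, newProt);
                }
            } finally {
                newProt.destroy();  // clears the cloned password
            }
        }
```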