src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java
rev 55964 : 8162628: Migrate cacerts keystore from JKS
*** 44,87 ****
private static final String KEYSTORE_TYPE_COMPAT = "keystore.type.compat";
private static final Debug debug = Debug.getInstance("keystore");
private String primaryType; // the primary keystore's type
! private String secondaryType; // the secondary keystore's type
private Class<? extends KeyStoreSpi> primaryKeyStore;
// the primary keystore's class
! private Class<? extends KeyStoreSpi> secondaryKeyStore;
// the secondary keystore's class
private String type; // the delegate's type
private KeyStoreSpi keystore; // the delegate
private boolean compatModeEnabled = true;
public KeyStoreDelegator(
String primaryType,
Class<? extends KeyStoreSpi> primaryKeyStore,
! String secondaryType,
! Class<? extends KeyStoreSpi> secondaryKeyStore) {
// Check whether compatibility mode has been disabled
compatModeEnabled = "true".equalsIgnoreCase(
AccessController.doPrivileged((PrivilegedAction<String>) () ->
Security.getProperty(KEYSTORE_TYPE_COMPAT)));
if (compatModeEnabled) {
this.primaryType = primaryType;
! this.secondaryType = secondaryType;
this.primaryKeyStore = primaryKeyStore;
! this.secondaryKeyStore = secondaryKeyStore;
} else {
this.primaryType = primaryType;
! this.secondaryType = null;
this.primaryKeyStore = primaryKeyStore;
! this.secondaryKeyStore = null;
if (debug != null) {
debug.println("WARNING: compatibility mode disabled for " +
! primaryType + " and " + secondaryType + " keystore types");
}
}
}
@Override
--- 44,87 ----
private static final String KEYSTORE_TYPE_COMPAT = "keystore.type.compat";
private static final Debug debug = Debug.getInstance("keystore");
private String primaryType; // the primary keystore's type
! private List<String> secondaryTypes; // the secondary keystore's type
private Class<? extends KeyStoreSpi> primaryKeyStore;
// the primary keystore's class
! private List<Class<? extends KeyStoreSpi>> secondaryKeyStores;
// the secondary keystore's class
private String type; // the delegate's type
private KeyStoreSpi keystore; // the delegate
private boolean compatModeEnabled = true;
public KeyStoreDelegator(
String primaryType,
Class<? extends KeyStoreSpi> primaryKeyStore,
! List<String> secondaryTypes,
! List<Class<? extends KeyStoreSpi>> secondaryKeyStores) {
// Check whether compatibility mode has been disabled
compatModeEnabled = "true".equalsIgnoreCase(
AccessController.doPrivileged((PrivilegedAction<String>) () ->
Security.getProperty(KEYSTORE_TYPE_COMPAT)));
if (compatModeEnabled) {
this.primaryType = primaryType;
! this.secondaryTypes = secondaryTypes;
this.primaryKeyStore = primaryKeyStore;
! this.secondaryKeyStores = secondaryKeyStores;
} else {
this.primaryType = primaryType;
! this.secondaryTypes = Collections.emptyList();
this.primaryKeyStore = primaryKeyStore;
! this.secondaryKeyStores = Collections.emptyList();
if (debug != null) {
debug.println("WARNING: compatibility mode disabled for " +
! primaryType + " and " + secondaryTypes + " keystore types");
}
}
}
@Override
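Review bot: The constructor takes two parallel lists but never checks that they have the same length, and it keeps the callers' list objects rather than copies. The loop added in the second hunk runs to `secondaryTypes.size()` while indexing `secondaryKeyStores.get(i)`, so a shorter class list would raise an IndexOutOfBoundsException that the new `catch (Exception e2)` swallows, silently skipping a fallback format. A guard at the top of the constructor, such as `if (secondaryTypes.size() != secondaryKeyStores.size()) throw new IllegalArgumentException("secondary types and classes differ in length");`, would make that fail early. The field comments still read `the secondary keystore's type` and `the secondary keystore's class`; they should become plural, for example `// the secondary keystores' types, in fallback order`. The class declaration is outside this hunk.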
*** 227,279 ****
if (e instanceof IOException &&
e.getCause() instanceof UnrecoverableKeyException) {
throw (IOException)e;
}
try {
- // Ignore secondary keystore when no compatibility mode
- if (!compatModeEnabled) {
- throw e;
- }
-
@SuppressWarnings("deprecation")
! KeyStoreSpi tmp= secondaryKeyStore.newInstance();
keystore = tmp;
! type = secondaryType;
bufferedStream.reset();
keystore.engineLoad(bufferedStream, password);
-
if (debug != null) {
debug.println("WARNING: switching from " +
! primaryType + " to " + secondaryType +
" keystore file format has altered the " +
"keystore security level");
}
!
} catch (InstantiationException |
IllegalAccessException e2) {
// can safely ignore
!
! } catch (IOException |
! NoSuchAlgorithmException |
! CertificateException e3) {
!
// incorrect password
! if (e3 instanceof IOException &&
! e3.getCause() instanceof UnrecoverableKeyException) {
! throw (IOException)e3;
}
- // rethrow the outer exception
if (e instanceof IOException) {
! throw (IOException)e;
} else if (e instanceof CertificateException) {
! throw (CertificateException)e;
} else if (e instanceof NoSuchAlgorithmException) {
! throw (NoSuchAlgorithmException)e;
! } else if (e instanceof RuntimeException){
throw (RuntimeException)e;
! }
}
}
if (debug != null) {
debug.println("Loaded a keystore in " + type + " format");
--- 227,276 ----
if (e instanceof IOException &&
e.getCause() instanceof UnrecoverableKeyException) {
throw (IOException)e;
}
+ if (compatModeEnabled) {
+ for (int i = 0; i < secondaryTypes.size(); i++) {
try {
@SuppressWarnings("deprecation")
! KeyStoreSpi tmp = secondaryKeyStores.get(i).newInstance();
keystore = tmp;
! type = secondaryTypes.get(i);
bufferedStream.reset();
keystore.engineLoad(bufferedStream, password);
if (debug != null) {
debug.println("WARNING: switching from " +
! primaryType + " to " + type +
" keystore file format has altered the " +
"keystore security level");
}
! e = null;
! break;
} catch (InstantiationException |
IllegalAccessException e2) {
// can safely ignore
! } catch (IOException e3) {
// incorrect password
! if (e3.getCause() instanceof UnrecoverableKeyException) {
! e = e3;
! }
! } catch (Exception e2) {
! // continue;
! }
! }
}
if (e instanceof IOException) {
! throw (IOException) e;
} else if (e instanceof CertificateException) {
! throw (CertificateException) e;
} else if (e instanceof NoSuchAlgorithmException) {
! throw (NoSuchAlgorithmException) e;
! } else if (e instanceof RuntimeException) {
throw (RuntimeException)e;
! } else if (e != null) {
! throw new IOException(e);
}
}
if (debug != null) {
debug.println("Loaded a keystore in " + type + " format");
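Review bot: In the new `catch (IOException e3)` branch, an UnrecoverableKeyException from a secondary format is only stored (`e = e3;`) and the loop moves on to the next format, whereas the removed code rethrew it at once. With more than one secondary type, a wrong-password or integrity failure in one format can in principle be followed by a successful load in a later format, which resets `e = null` and hides the failure; whether that is intended is not visible here. If the old stop-on-bad-password behaviour should be kept, add `break;` after `e = e3;`; otherwise replace the `// incorrect password` comment with one that states the choice. The `catch (Exception e2)` with only `// continue;` also discards every other secondary failure, and `keystore` and `type` stay set to the last format attempted when all fallbacks fail. The enclosing method starts and ends outside the hunk.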