< prev index next >

src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java

Print this page
rev 55964 : 8162628: Migrate cacerts keystore from JKS

*** 44,87 **** private static final String KEYSTORE_TYPE_COMPAT = "keystore.type.compat"; private static final Debug debug = Debug.getInstance("keystore"); private String primaryType; // the primary keystore's type ! private String secondaryType; // the secondary keystore's type private Class<? extends KeyStoreSpi> primaryKeyStore; // the primary keystore's class ! private Class<? extends KeyStoreSpi> secondaryKeyStore; // the secondary keystore's class private String type; // the delegate's type private KeyStoreSpi keystore; // the delegate private boolean compatModeEnabled = true; public KeyStoreDelegator( String primaryType, Class<? extends KeyStoreSpi> primaryKeyStore, ! String secondaryType, ! Class<? extends KeyStoreSpi> secondaryKeyStore) { // Check whether compatibility mode has been disabled compatModeEnabled = "true".equalsIgnoreCase( AccessController.doPrivileged((PrivilegedAction<String>) () -> Security.getProperty(KEYSTORE_TYPE_COMPAT))); if (compatModeEnabled) { this.primaryType = primaryType; ! this.secondaryType = secondaryType; this.primaryKeyStore = primaryKeyStore; ! this.secondaryKeyStore = secondaryKeyStore; } else { this.primaryType = primaryType; ! this.secondaryType = null; this.primaryKeyStore = primaryKeyStore; ! this.secondaryKeyStore = null; if (debug != null) { debug.println("WARNING: compatibility mode disabled for " + ! primaryType + " and " + secondaryType + " keystore types"); } } } @Override --- 44,87 ---- private static final String KEYSTORE_TYPE_COMPAT = "keystore.type.compat"; private static final Debug debug = Debug.getInstance("keystore"); private String primaryType; // the primary keystore's type ! private List<String> secondaryTypes; // the secondary keystore's type private Class<? extends KeyStoreSpi> primaryKeyStore; // the primary keystore's class ! private List<Class<? extends KeyStoreSpi>> secondaryKeyStores; // the secondary keystore's class private String type; // the delegate's type private KeyStoreSpi keystore; // the delegate private boolean compatModeEnabled = true; public KeyStoreDelegator( String primaryType, Class<? extends KeyStoreSpi> primaryKeyStore, ! List<String> secondaryTypes, ! List<Class<? extends KeyStoreSpi>> secondaryKeyStores) { // Check whether compatibility mode has been disabled compatModeEnabled = "true".equalsIgnoreCase( AccessController.doPrivileged((PrivilegedAction<String>) () -> Security.getProperty(KEYSTORE_TYPE_COMPAT))); if (compatModeEnabled) { this.primaryType = primaryType; ! this.secondaryTypes = secondaryTypes; this.primaryKeyStore = primaryKeyStore; ! this.secondaryKeyStores = secondaryKeyStores; } else { this.primaryType = primaryType; ! this.secondaryTypes = Collections.emptyList(); this.primaryKeyStore = primaryKeyStore; ! this.secondaryKeyStores = Collections.emptyList(); if (debug != null) { debug.println("WARNING: compatibility mode disabled for " + ! primaryType + " and " + secondaryTypes + " keystore types"); } } } @Override
*** 227,279 **** if (e instanceof IOException && e.getCause() instanceof UnrecoverableKeyException) { throw (IOException)e; } try { - // Ignore secondary keystore when no compatibility mode - if (!compatModeEnabled) { - throw e; - } - @SuppressWarnings("deprecation") ! KeyStoreSpi tmp= secondaryKeyStore.newInstance(); keystore = tmp; ! type = secondaryType; bufferedStream.reset(); keystore.engineLoad(bufferedStream, password); - if (debug != null) { debug.println("WARNING: switching from " + ! primaryType + " to " + secondaryType + " keystore file format has altered the " + "keystore security level"); } ! } catch (InstantiationException | IllegalAccessException e2) { // can safely ignore ! ! } catch (IOException | ! NoSuchAlgorithmException | ! CertificateException e3) { ! // incorrect password ! if (e3 instanceof IOException && ! e3.getCause() instanceof UnrecoverableKeyException) { ! throw (IOException)e3; } - // rethrow the outer exception if (e instanceof IOException) { ! throw (IOException)e; } else if (e instanceof CertificateException) { ! throw (CertificateException)e; } else if (e instanceof NoSuchAlgorithmException) { ! throw (NoSuchAlgorithmException)e; ! } else if (e instanceof RuntimeException){ throw (RuntimeException)e; ! } } } if (debug != null) { debug.println("Loaded a keystore in " + type + " format"); --- 227,276 ---- if (e instanceof IOException && e.getCause() instanceof UnrecoverableKeyException) { throw (IOException)e; } + if (compatModeEnabled) { + for (int i = 0; i < secondaryTypes.size(); i++) { try { @SuppressWarnings("deprecation") ! KeyStoreSpi tmp = secondaryKeyStores.get(i).newInstance(); keystore = tmp; ! type = secondaryTypes.get(i); bufferedStream.reset(); keystore.engineLoad(bufferedStream, password); if (debug != null) { debug.println("WARNING: switching from " + ! primaryType + " to " + type + " keystore file format has altered the " + "keystore security level"); } ! e = null; ! break; } catch (InstantiationException | IllegalAccessException e2) { // can safely ignore ! } catch (IOException e3) { // incorrect password ! if (e3.getCause() instanceof UnrecoverableKeyException) { ! e = e3; ! } ! } catch (Exception e2) { ! // continue; ! } ! } } if (e instanceof IOException) { ! throw (IOException) e; } else if (e instanceof CertificateException) { ! throw (CertificateException) e; } else if (e instanceof NoSuchAlgorithmException) { ! throw (NoSuchAlgorithmException) e; ! } else if (e instanceof RuntimeException) { throw (RuntimeException)e; ! } else if (e != null) { ! throw new IOException(e); } } if (debug != null) { debug.println("Loaded a keystore in " + type + " format");
< prev index next >