From 63663b64d1520b72221e5d5a452fa36c4a0f86cc Mon Sep 17 00:00:00 2001 From: Sean Coffey Date: Thu, 7 Feb 2019 12:09:17 +0000 Subject: [PATCH] 8218553: Enhance keystore load debug output Reviewed-by: weijun --- .../classes/apple/security/KeychainStore.java | 8 ++++++- .../com/sun/crypto/provider/JceKeyStore.java | 22 ++++++++++++++----- .../sun/security/pkcs12/PKCS12KeyStore.java | 15 +++---------- .../sun/security/provider/JavaKeyStore.java | 17 ++++++++++---- .../sun/security/pkcs11/P11KeyStore.java | 4 +++- .../sun/security/mscapi/CKeyStore.java | 10 ++++++++- 6 files changed, 52 insertions(+), 24 deletions(-) diff --git a/src/java.base/macosx/classes/apple/security/KeychainStore.java b/src/java.base/macosx/classes/apple/security/KeychainStore.java index 7ed9956b80c..9f17704508b 100644 --- a/src/java.base/macosx/classes/apple/security/KeychainStore.java +++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -102,6 +102,8 @@ public final class KeychainStore extends KeyStoreSpi { private static final int iterationCount = 1024; private static final int SALT_LEN = 20; + private static final Debug debug = Debug.getInstance("keystore"); + static { AccessController.doPrivileged( new PrivilegedAction() { @@ -773,6 +775,10 @@ public final class KeychainStore extends KeyStoreSpi { entries.clear(); _scanKeychain(); + if (debug != null) { + debug.println("KeychainStore load entry count: " + + entries.size()); + } } } diff --git a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java index bceb60da76d..e1ee770fa10 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ package com.sun.crypto.provider; +import sun.security.util.Debug; + import java.io.*; import java.util.*; import java.security.AccessController; @@ -59,6 +61,7 @@ import javax.crypto.SealedObject; public final class JceKeyStore extends KeyStoreSpi { + private static final Debug debug = Debug.getInstance("keystore"); private static final int JCEKS_MAGIC = 0xcececece; private static final int JKS_MAGIC = 0xfeedfeed; private static final int VERSION_1 = 0x01; @@ -680,6 +683,7 @@ public final class JceKeyStore extends KeyStoreSpi { Hashtable cfs = null; ByteArrayInputStream bais = null; byte[] encoded = null; + int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0; if (stream == null) return; @@ -726,7 +730,7 @@ public final class JceKeyStore extends KeyStoreSpi { tag = dis.readInt(); if (tag == 1) { // private-key entry - + privateKeyCount++; PrivateKeyEntry entry = new PrivateKeyEntry(); // read the alias @@ -786,7 +790,7 @@ public final class JceKeyStore extends KeyStoreSpi { entries.put(alias, entry); } else if (tag == 2) { // trusted certificate entry - + trustedKeyCount++; TrustedCertEntry entry = new TrustedCertEntry(); // read the alias @@ -825,7 +829,7 @@ public final class JceKeyStore extends KeyStoreSpi { entries.put(alias, entry); } else if (tag == 3) { // secret-key entry - + secretKeyCount++; SecretKeyEntry entry = new SecretKeyEntry(); // read the alias @@ -858,10 +862,18 @@ public final class JceKeyStore extends KeyStoreSpi { entries.put(alias, entry); } else { - throw new IOException("Unrecognized keystore entry"); + throw new IOException("Unrecognized keystore entry: " + + tag); } } + if (debug != null) { + debug.println("JceKeyStore load: private key count: " + + privateKeyCount + ". trusted key count: " + + trustedKeyCount + ". secret key count: " + + secretKeyCount); + } + /* * If a password has been provided, we check the keyed digest * at the end. If this check fails, the store has been tampered diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index 9c6623888c9..e40cffa51be 100644 --- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java @@ -2231,18 +2231,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi { } if (debug != null) { - if (privateKeyCount > 0) { - debug.println("Loaded " + privateKeyCount + - " protected private key(s)"); - } - if (secretKeyCount > 0) { - debug.println("Loaded " + secretKeyCount + - " protected secret key(s)"); - } - if (certificateCount > 0) { - debug.println("Loaded " + certificateCount + - " certificate(s)"); - } + debug.println("PKCS12KeyStore load: private key count: " + + privateKeyCount + ". secret key count: " + secretKeyCount + + ". certificate count: " + certificateCount); } certEntries.clear(); diff --git a/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java b/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java index c0a1455cf5b..49b3550ef3d 100644 --- a/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java +++ b/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import java.util.*; import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs12.PKCS12KeyStore; +import sun.security.util.Debug; import sun.security.util.IOUtils; import sun.security.util.KeyStoreDelegator; @@ -74,6 +75,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi { } } + private static final Debug debug = Debug.getInstance("keystore"); private static final int MAGIC = 0xfeedfeed; private static final int VERSION_1 = 0x01; private static final int VERSION_2 = 0x02; @@ -643,6 +645,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi { Hashtable cfs = null; ByteArrayInputStream bais = null; byte[] encoded = null; + int trustedKeyCount = 0, privateKeyCount = 0; if (stream == null) return; @@ -681,7 +684,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi { tag = dis.readInt(); if (tag == 1) { // private key entry - + privateKeyCount++; KeyEntry entry = new KeyEntry(); // Read the alias @@ -730,7 +733,7 @@ public abstract class JavaKeyStore extends KeyStoreSpi { entries.put(alias, entry); } else if (tag == 2) { // trusted certificate entry - + trustedKeyCount++; TrustedCertEntry entry = new TrustedCertEntry(); // Read the alias @@ -765,10 +768,16 @@ public abstract class JavaKeyStore extends KeyStoreSpi { entries.put(alias, entry); } else { - throw new IOException("Unrecognized keystore entry"); + throw new IOException("Unrecognized keystore entry: " + + tag); } } + if (debug != null) { + debug.println("JavaKeyStore load: private key count: " + + privateKeyCount + ". trusted key count: " + trustedKeyCount); + } + /* * If a password has been provided, we check the keyed digest * at the end. If this check fails, the store has been tampered diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java index d66262ae1b4..c9c2362bcc1 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -772,6 +772,8 @@ final class P11KeyStore extends KeyStoreSpi { } if (debug != null) { dumpTokenMap(); + debug.println("P11KeyStore load. Entry count: " + + aliasMap.size()); } } catch (KeyStoreException | PKCS11Exception e) { throw new IOException("load failed", e); diff --git a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java b/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java index 2a79bd79542..c90fa4f4d23 100644 --- a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java +++ b/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,6 +45,8 @@ import java.security.cert.CertificateFactory; import java.security.interfaces.RSAPrivateCrtKey; import java.util.*; +import sun.security.util.Debug; + /** * Implementation of key store for Windows using the Microsoft Crypto API. * @@ -180,6 +182,7 @@ abstract class CKeyStore extends KeyStoreSpi { private static final String KEYSTORE_COMPATIBILITY_MODE_PROP = "sun.security.mscapi.keyStoreCompatibilityMode"; private final boolean keyStoreCompatibilityMode; + private static final Debug debug = Debug.getInstance("keystore"); /* * The keystore entries. @@ -710,6 +713,11 @@ abstract class CKeyStore extends KeyStoreSpi { } catch (KeyStoreException e) { throw new IOException(e); } + + if (debug != null) { + debug.println("MSCAPI keystore load: entry count: " + + entries.size()); + } } /**