stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8225181: KeyStore should have a getAttributes method

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2021-12-03 18:52:17 +00:00
parent 38f525e96e
commit a729a70c01
6 changed files with 169 additions and 2 deletions
src/java.base/share/classes
java/security
KeyStore.javaKeyStoreSpi.java
sun/security
pkcs12
PKCS12KeyStore.java
provider
DomainKeyStore.java
util
KeyStoreDelegator.java
test/jdk/sun/security/pkcs12
GetAttributes.java

28
src/java.base/share/classes/java/security/KeyStore.java

@ -1020,6 +1020,34 @@ public class KeyStore {
return this.type;
}
/**
* Retrieves the attributes associated with the given alias.
*
* @param alias the alias name
* @return an unmodifiable {@code Set} of attributes. This set is
* empty if the {@code KeyStoreSpi} implementation has not overridden
* {@link KeyStoreSpi#engineGetAttributes(String)}, or the given
* alias does not exist, or there are no attributes associated
* with the alias. This set may also be empty for
* {@code PrivateKeyEntry} or {@code SecretKeyEntry}
* entries that contain protected attributes and are only available
* through the {@link Entry#getAttributes} method after the entry
* is extracted.
*
* @throws KeyStoreException if the keystore has not been initialized
* (loaded).
* @throws NullPointerException if {@code alias} is {@code null}
*
* @since 18
*/
public final Set<Entry.Attribute> getAttributes(String alias)
throws KeyStoreException {
if (!initialized) {
throw new KeyStoreException("Uninitialized keystore");
}
return keyStoreSpi.engineGetAttributes(Objects.requireNonNull(alias));
}
/**
* Returns the key associated with the given alias, using the given
* password to recover it. The key must have been associated with

29
src/java.base/share/classes/java/security/KeyStoreSpi.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -447,6 +447,33 @@ public abstract class KeyStoreSpi {
return;
}
/**
* Retrieves the attributes associated with the given alias.
*
* @implSpec
* The default implementation returns an empty {@code Set}.
* {@code KeyStoreSpi} implementations that support attributes
* should override this method.
*
* @param alias the alias name
* @return an unmodifiable {@code Set} of attributes. This set is
* empty if the given alias does not exist or there are no
* attributes associated with the alias. This set may also be
* empty for {@code PrivateKeyEntry} or {@code SecretKeyEntry}
* entries that contain protected attributes. These protected
* attributes should be populated into the result returned by
* {@link #engineGetEntry} and can be retrieved by calling
* the {@link Entry#getAttributes} method.
*
* @throws KeyStoreException if the keystore has not been initialized
* (loaded).
*
* @since 18
*/
public Set<Entry.Attribute> engineGetAttributes(String alias) {
return Collections.emptySet();
}
/**
* Gets a {@code KeyStore.Entry} for the specified alias
* with the specified protection parameter.

9
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java

@ -1307,6 +1307,15 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
stream.flush();
}
@Override
public Set<KeyStore.Entry.Attribute> engineGetAttributes(String alias) {
if (!engineContainsAlias(alias)) {
return super.engineGetAttributes(alias);
}
Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
return getAttributes(entry);
}
/**
* Gets a <code>KeyStore.Entry</code> for the specified alias
* with the specified protection parameter.

24
src/java.base/share/classes/sun/security/provider/DomainKeyStore.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -236,6 +236,28 @@ abstract class DomainKeyStore extends KeyStoreSpi {
return date;
}
@Override
public Set<KeyStore.Entry.Attribute> engineGetAttributes(String alias) {
AbstractMap.SimpleEntry<String, Collection<KeyStore>> pair =
getKeystoresForReading(alias);
Set<KeyStore.Entry.Attribute> result = Collections.emptySet();
try {
String entryAlias = pair.getKey();
for (KeyStore keystore : pair.getValue()) {
result = keystore.getAttributes(entryAlias);
if (result != null) {
break;
}
}
} catch (KeyStoreException e) {
throw new IllegalStateException(e);
}
return result;
}
/**
* Assigns the given private key to the given alias, protecting
* it with the given password as defined in PKCS8.

5
src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java

@ -129,6 +129,11 @@ public class KeyStoreDelegator extends KeyStoreSpi {
keystore.engineDeleteEntry(alias);
}
@Override
public Set<KeyStore.Entry.Attribute> engineGetAttributes(String alias) {
return keystore.engineGetAttributes(alias);
}
@Override
public Enumeration<String> engineAliases() {
return keystore.engineAliases();

76
test/jdk/sun/security/pkcs12/GetAttributes.java Normal file

@ -0,0 +1,76 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8225181
* @summary KeyStore should have a getAttributes method
* @library /test/lib
* @modules java.base/sun.security.tools.keytool
* java.base/sun.security.x509
*/
import jdk.test.lib.Asserts;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
public class GetAttributes {
static char[] pass = "changeit".toCharArray();
public static void main(String[] args) throws Exception {
// Create a keystore with one private key entry and one cert entry
CertAndKeyGen cag = new CertAndKeyGen("EC", "SHA256withECDSA");
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(null, null);
cag.generate("secp256r1");
ks.setKeyEntry("a", cag.getPrivateKey(), pass, new Certificate[] {
cag.getSelfCertificate(new X500Name("CN=a"), 1000)} );
cag.generate("secp256r1");
ks.setCertificateEntry("b",
cag.getSelfCertificate(new X500Name("CN=b"), 1000));
// Test
check(ks);
// Test newly loaded
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ks.store(bos, pass);
KeyStore ks2 = KeyStore.getInstance("pkcs12");
ks2.load(new ByteArrayInputStream(bos.toByteArray()), pass);
check(ks2);
}
static void check(KeyStore ks) throws Exception {
var entry = ks.getEntry("a", new KeyStore.PasswordProtection(pass));
Asserts.assertEQ(ks.getAttributes("a"), entry.getAttributes());
entry = ks.getEntry("b", null);
Asserts.assertEQ(ks.getAttributes("b"), entry.getAttributes());
}
}