harmony-commits mailing list archives

From "Anton Rusanov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-615) java.security.KeyStoreSpi.engineEntryInstanceOf(..) doesn't distinguish PrivateKeyEntry and SecretKeyEntry
Date Fri, 23 Jun 2006 08:39:30 GMT
    [ http://issues.apache.org/jira/browse/HARMONY-615?page=comments#action_12417439 ] 

Anton Rusanov commented on HARMONY-615:

It is impossible to compare the behavior of the method on the pure RI, because the Sun provider
does not support KeyStore.SecretKeyEntry; it just throws a KeyStoreException if an attempt is
made to set such an entry in the KeyStore (at the step of setting the entry, its type can be
obtained by checking the type of the key).
But the case can be reproduced if the test is run on the RI with the BouncyCastle provider
installed. The test succeeds in this environment and fails on Harmony with BouncyCastle.
The current implementation of KeyStoreSpi in Harmony, after checking whether the alias points to
a key entry, doesn't try to get any more info about the entry, but just checks if the type given
as the second parameter is (or is an ancestor of) one of SecretKeyEntry or PrivateKeyEntry.
The patch lets the KeyStoreSpi.engineEntryInstanceOf(..) method distinguish PrivateKeyEntry and
SecretKeyEntry based on whether the entry has a certificate or not. This way looks like the
only one available. However, some providers, such as BouncyCastle, let the user save a secret
key entry with a certificate chain, but this possibility seems to be strange and unused in most
cases. Anyway, this patch will let the method work more properly than it works now.

> java.security.KeyStoreSpi.engineEntryInstanceOf(..) doesn't distinguish PrivateKeyEntry and SecretKeyEntry
> ----------------------------------------------------------------------------------------------------------
>          Key: HARMONY-615
>          URL: http://issues.apache.org/jira/browse/HARMONY-615
>      Project: Harmony
>         Type: Bug

>   Components: Classlib
>     Reporter: Anton Rusanov

> The method can only tell the difference between a certificate entry and a key entry,
> but doesn't distinguish KeyStore.PrivateKeyEntry and KeyStore.SecretKeyEntry.
> Test case that reveals the problem is down here:
> import java.security.*;
> import javax.crypto.*;
> public class KeyStoreSpi_engineEntryInstanceOfTest {
>     public static void main(String[] args) throws Exception {
>         // create a KeyStore
>         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
>         keyStore.load(null, "pwd".toCharArray());
>         // generate a key
>         KeyGenerator keyGen = KeyGenerator.getInstance("DES");
>         keyGen.init(56);
>         SecretKey secretKey = keyGen.generateKey();
>         // put the key into keystore
>         String alias = "alias";
>         keyStore.setKeyEntry(alias, secretKey, "pwd".toCharArray(), null);
>         // check if it is a secret key
>         if (keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
>             System.out.println("OK");
>         }
>         // check if it is a private key
>         if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
>             System.out.println("TEST FAILED");
>         }
>     }
> }
> The good way to check if the entry is an instance of the given class would be to get
> the entry from the keystore and call instanceof. But there is not enough data to do the check
> in this way, because a password is required to get the entry, and there is no such parameter.
> So checking whether the entry has a certificate chain in it or not seems to be the only way
> to distinguish KeyStore.PrivateKeyEntry and KeyStore.SecretKeyEntry.
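
The certificate-chain check described in this message, as an added example that is not part of the original message or of the Harmony patch. The helper name entryInstanceOf, the JCEKS store type and the AES key are assumptions chosen so the sketch runs on a stock JDK.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class EntryTypeHeuristic {

    // Hypothetical helper, not Harmony's code: classifies an entry without its
    // password, using only what a KeyStore exposes for a bare alias.
    static boolean entryInstanceOf(KeyStore ks, String alias,
            Class<? extends KeyStore.Entry> type) throws KeyStoreException {
        if (ks.isCertificateEntry(alias)) {
            return type == KeyStore.TrustedCertificateEntry.class;
        }
        if (!ks.isKeyEntry(alias)) {
            return false; // no such alias
        }
        // KeyStore.setKeyEntry rejects a PrivateKey without a chain, so a key
        // entry with no chain is taken to be a secret key. A provider that
        // stores a chain next to a secret key defeats this check.
        boolean hasChain = ks.getCertificateChain(alias) != null;
        if (type == KeyStore.PrivateKeyEntry.class) {
            return hasChain;
        }
        return type == KeyStore.SecretKeyEntry.class && !hasChain;
    }

    public static void main(String[] args) throws Exception {
        char[] pwd = "pwd".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS"); // assumed store type
        ks.load(null, pwd);

        KeyGenerator keyGen = KeyGenerator.getInstance("AES"); // assumed algorithm
        keyGen.init(128);
        SecretKey secretKey = keyGen.generateKey();
        ks.setKeyEntry("alias", secretKey, pwd, null);

        System.out.println("SecretKeyEntry:  "
                + entryInstanceOf(ks, "alias", KeyStore.SecretKeyEntry.class));
        System.out.println("PrivateKeyEntry: "
                + entryInstanceOf(ks, "alias", KeyStore.PrivateKeyEntry.class));

        // Cross-check against the password-based lookup the issue calls the good way.
        KeyStore.Entry entry = ks.getEntry("alias", new KeyStore.PasswordProtection(pwd));
        System.out.println("getEntry agrees: " + (entry instanceof KeyStore.SecretKeyEntry));
    }
}
```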
