diff --git a/src/java.base/macosx/classes/apple/security/KeychainStore.java b/src/java.base/macosx/classes/apple/security/KeychainStore.java index 4509fc67db0..896799dff4b 100644 --- a/src/java.base/macosx/classes/apple/security/KeychainStore.java +++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java @@ -31,6 +31,7 @@ import java.security.cert.*; import java.security.cert.Certificate; import java.security.spec.*; import java.time.Instant; +import java.time.temporal.ChronoUnit; import java.util.*; import javax.crypto.*; @@ -467,7 +468,7 @@ abstract sealed class KeychainStore extends KeyStoreSpi { synchronized(entries) { try { KeyEntry entry = new KeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); if (key instanceof PrivateKey) { if ((key.getFormat().equals("PKCS#8")) || @@ -545,7 +546,7 @@ abstract sealed class KeychainStore extends KeyStoreSpi { + "EncryptedPrivateKeyInfo"); } - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); if ((chain != null) && (chain.length != 0)) { @@ -949,7 +950,7 @@ abstract sealed class KeychainStore extends KeyStoreSpi { if (creationDate != 0) tce.date = Instant.ofEpochMilli(creationDate); else - tce.date = Instant.now(); + tce.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); entries.put(alias.toLowerCase(Locale.ROOT), tce); } catch (Exception e) { @@ -974,7 +975,7 @@ abstract sealed class KeychainStore extends KeyStoreSpi { if (creationDate != 0) ke.date = Instant.ofEpochMilli(creationDate); else - ke.date = Instant.now(); + ke.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); // Next, create X.509 Certificate objects from the raw data. This is complicated // because a certificate's public key may be too long for Java's default encryption strength. diff --git a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java index 8e182b14429..a0bba45f5b9 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java @@ -30,6 +30,7 @@ import sun.security.util.IOUtils; import java.io.*; import java.time.Instant; +import java.time.temporal.ChronoUnit; import java.util.*; import java.security.DigestInputStream; import java.security.DigestOutputStream; @@ -280,7 +281,7 @@ public final class JceKeyStore extends KeyStoreSpi { if (key instanceof PrivateKey) { PrivateKeyEntry entry = new PrivateKeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); // protect the private key entry.protectedKey = keyProtector.protect((PrivateKey)key); @@ -298,7 +299,7 @@ public final class JceKeyStore extends KeyStoreSpi { } else { SecretKeyEntry entry = new SecretKeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); // seal and store the key entry.sealedKey = keyProtector.seal(key); @@ -341,7 +342,7 @@ public final class JceKeyStore extends KeyStoreSpi { // We assume it's a private key, because there is no standard // (ASN.1) encoding format for wrapped secret keys PrivateKeyEntry entry = new PrivateKeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); entry.protectedKey = key.clone(); if ((chain != null) && @@ -386,7 +387,7 @@ public final class JceKeyStore extends KeyStoreSpi { TrustedCertEntry trustedCertEntry = new TrustedCertEntry(); trustedCertEntry.cert = cert; - trustedCertEntry.date = Instant.now(); + trustedCertEntry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); entries.put(alias.toLowerCase(Locale.ENGLISH), trustedCertEntry); } } diff --git a/src/java.base/share/classes/java/security/KeyStore.java b/src/java.base/share/classes/java/security/KeyStore.java index bb2c9f741a1..5bb98b2b217 100644 --- a/src/java.base/share/classes/java/security/KeyStore.java +++ b/src/java.base/share/classes/java/security/KeyStore.java @@ -1184,8 +1184,8 @@ public class KeyStore { /** * Returns the creation date of the entry identified by the given alias. *

- * This method returns a Date, which is mutable and more error-prone. - * Use {@link #getCreationInstant(String)} instead. + * It is recommended to use the {@link #getCreationInstant(String)} + * method instead. * * @param alias the alias name * diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index e27e60e82f7..b4346951109 100644 --- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java @@ -36,6 +36,7 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.security.spec.PKCS8EncodedKeySpec; import java.time.Instant; +import java.time.temporal.ChronoUnit; import java.util.*; import javax.crypto.Cipher; import javax.crypto.SecretKey; @@ -213,7 +214,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { CertEntry(X509Certificate cert, byte[] keyId, String alias, ObjectIdentifier[] trustedKeyUsage, Set attributes) { - this.date = Instant.now(); + this.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); this.cert = cert; this.keyId = keyId; this.alias = alias; @@ -626,7 +627,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { checkX509Certs(chain); PrivateKeyEntry keyEntry = new PrivateKeyEntry(); - keyEntry.date = Instant.now(); + keyEntry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); if ((key.getFormat().equals("PKCS#8")) || (key.getFormat().equals("PKCS8"))) { @@ -671,7 +672,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { } else if (key instanceof SecretKey) { SecretKeyEntry keyEntry = new SecretKeyEntry(); - keyEntry.date = Instant.now(); + keyEntry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); // Encode secret key in a PKCS#8 DerOutputStream secretKeyInfo = new DerOutputStream(); @@ -765,7 +766,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { } PrivateKeyEntry entry = new PrivateKeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); if (debug != null) { debug.println("Setting a protected private key at alias '" + @@ -2443,7 +2444,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { } } if (instant == null) { - instant = Instant.now(); + instant = Instant.now().truncatedTo(ChronoUnit.MILLIS); } entry.date = instant; diff --git a/src/java.base/share/classes/sun/security/provider/DomainKeyStore.java b/src/java.base/share/classes/sun/security/provider/DomainKeyStore.java index adf7e3a7bc6..ad0f6a4a5ed 100644 --- a/src/java.base/share/classes/sun/security/provider/DomainKeyStore.java +++ b/src/java.base/share/classes/sun/security/provider/DomainKeyStore.java @@ -215,24 +215,8 @@ abstract class DomainKeyStore extends KeyStoreSpi { * not exist */ public Date engineGetCreationDate(String alias) { - - AbstractMap.SimpleEntry> pair = - getKeystoresForReading(alias); - Date date = null; - - try { - String entryAlias = pair.getKey(); - for (KeyStore keystore : pair.getValue()) { - date = keystore.getCreationDate(entryAlias); - if (date != null) { - break; - } - } - } catch (KeyStoreException e) { - throw new IllegalStateException(e); - } - - return date; + final Instant instant = this.engineGetCreationInstant(alias); + return (instant == null) ? null : Date.from(instant); } /** diff --git a/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java b/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java index f992c15474c..2bbdc238c60 100644 --- a/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java +++ b/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java @@ -31,6 +31,7 @@ import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.CertificateException; import java.time.Instant; +import java.time.temporal.ChronoUnit; import java.util.*; import static java.nio.charset.StandardCharsets.UTF_8; @@ -306,7 +307,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi { try { synchronized(entries) { KeyEntry entry = new KeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); // Protect the encoding of the key passwordBytes = convertToBytes(password); @@ -369,7 +370,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi { } KeyEntry entry = new KeyEntry(); - entry.date = Instant.now(); + entry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); entry.protectedPrivKey = key.clone(); if ((chain != null) && @@ -410,7 +411,7 @@ public abstract sealed class JavaKeyStore extends KeyStoreSpi { TrustedCertEntry trustedCertEntry = new TrustedCertEntry(); trustedCertEntry.cert = cert; - trustedCertEntry.date = Instant.now(); + trustedCertEntry.date = Instant.now().truncatedTo(ChronoUnit.MILLIS); entries.put(convertAlias(alias), trustedCertEntry); } } diff --git a/test/jdk/java/security/KeyStore/TestKeyStoreBasic.java b/test/jdk/java/security/KeyStore/TestKeyStoreBasic.java index cdbbe15adf0..e39793cf1b7 100644 --- a/test/jdk/java/security/KeyStore/TestKeyStoreBasic.java +++ b/test/jdk/java/security/KeyStore/TestKeyStoreBasic.java @@ -300,10 +300,7 @@ public class TestKeyStoreBasic { alias = ALIAS_HEAD + k; final Instant instant1 = o1.getCreationInstant(alias); final Instant instant2 = o2.getCreationInstant(alias); - final int diff = instant1.compareTo(instant2); - // There could be a difference in nano seconds on some machines - // so comparing with precision of 1 ms - if (!(diff >= 0 && diff <= 1000000)) { + if (!(instant1.equals(instant2))) { throw new RuntimeException("ERROR: entry creation time (" + k + ") differs Instants {" + instant1 + " - "