8383813: pkcs12 keystore fails to load because of incorrect DER length-encoding

Reviewed-by: weijun, myankelevich
2026-05-16 08:29:34 +00:00 · 2026-05-11 13:31:09 +00:00 · 2026-05-11 13:31:09 +00:00 · d204824268
commit d204824268
parent aedcac949a
4 changed files with 20 additions and 7 deletions
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@ -2503,6 +2503,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
     * 30 80 02 01 03 30 80 06 09 2A 86 48 86 F7 0D 01 07 01 A0 80 24 80 04 --
     * 30 82 -- -- 02 01 03 30 82 -- -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 8-
     * 30 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04 -- -- --
+     * 30 81 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04 -- --
     * 30 81 -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 81 -- 04
     * 30 82 -- -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 81 --
     * 30 83 -- -- -- 02 01 03 30 82 -- -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0
@ -2515,6 +2516,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
        { 0x3080020103308006L, 0x092A864886F70D01L, 0x0701A08024800400L },
        { 0x3082000002010330L, 0x82000006092A8648L, 0x86F70D010701A080L },
        { 0x3000020103300006L, 0x092A864886F70D01L, 0x0701A00004000000L },
+        { 0x3081000201033000L, 0x06092A864886F70DL, 0x010701A000040000L },
        { 0x3081000201033081L, 0x0006092A864886F7L, 0x0D010701A0810004L },
        { 0x3082000002010330L, 0x810006092A864886L, 0xF70D010701A08100L },
        { 0x3083000000020103L, 0x3082000006092A86L, 0x4886F70D010701A0L },
@ -2527,6 +2529,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
        { 0xFFFFFFFFFFFFFFFFL, 0xFFFFFFFFFFFFFFFFL, 0xFFFFFFFFFFFFFF00L },
        { 0xFFFF0000FFFFFFFFL, 0xFF0000FFFFFFFFFFL, 0xFFFFFFFFFFFFFFF0L },
        { 0xFF00FFFFFFFF00FFL, 0xFFFFFFFFFFFFFFFFL, 0xFFFFFF00FF000000L },
+        { 0xFFFF00FFFFFFFF00L, 0xFFFFFFFFFFFFFFFFL, 0xFFFFFFFF00FF0000L },
        { 0xFFFF00FFFFFFFFFFL, 0x00FFFFFFFFFFFFFFL, 0xFFFFFFFFFFFF00FFL },
        { 0xFFFF0000FFFFFFFFL, 0xFF00FFFFFFFFFFFFL, 0xFFFFFFFFFFFFFF00L },
        { 0xFFFF000000FFFFFFL, 0xFFFF0000FFFFFFFFL, 0xFFFFFFFFFFFFFFFFL },
--- a/test/jdk/java/security/KeyStore/ProbeKeystores.java
+++ b/test/jdk/java/security/KeyStore/ProbeKeystores.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2026, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -23,8 +23,11 @@

 /*
 * @test
- * @bug 8044445 8194307 8207318
+ * @bug 8044445 8194307 8207318 8383813
 * @summary test new methods from JEP-229: Create PKCS12 Keystores by Default
+ * @run main ProbeKeystores
+ * @run main/othervm -Dkeystore.pkcs12.macAlgorithm=HmacPBESHA256 ProbeKeystores
+ * @run main/othervm -Dkeystore.pkcs12.macAlgorithm=PBEWithHmacSHA256 ProbeKeystores
 */

 import java.io.*;
--- a/test/jdk/sun/security/provider/KeyStore/WrongStoreType.java
+++ b/test/jdk/sun/security/provider/KeyStore/WrongStoreType.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2026, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -23,8 +23,11 @@

 /*
 * @test
- * @bug 8234744
+ * @bug 8234744 8383813
 * @summary KeyStore.store can write wrong type of file
+ * @run main WrongStoreType
+ * @run main/othervm -Dkeystore.pkcs12.macAlgorithm=HmacPBESHA256 WrongStoreType
+ * @run main/othervm -Dkeystore.pkcs12.macAlgorithm=PBEWithHmacSHA256 WrongStoreType
 */

 import java.io.File;
@ -45,7 +48,9 @@ public class WrongStoreType {
        ks.load(null, null);
        System.out.println(ks.getType());

-        Files.createFile(Path.of("emptyfile"));
+        Path emptyfile = Path.of("emptyfile");
+        Files.deleteIfExists(emptyfile);
+        Files.createFile(emptyfile);
        try (InputStream in = new FileInputStream("emptyfile")) {
            ks.load(in, password);
        } catch (Exception e) {
--- a/test/jdk/sun/security/tools/keytool/CloseFile.java
+++ b/test/jdk/sun/security/tools/keytool/CloseFile.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2026, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -23,12 +23,14 @@

 /*
 * @test
- * @bug 6489721
+ * @bug 6489721 8383813
 * @summary keytool has not closed several file streams
 * @author weijun.wang
 * @modules java.base/sun.security.tools.keytool
 * @compile -XDignore.symbol.file CloseFile.java
 * @run main CloseFile
+ * @run main/othervm -Dkeystore.pkcs12.macAlgorithm=HmacPBESHA256 CloseFile
+ * @run main/othervm -Dkeystore.pkcs12.macAlgorithm=PBEWithHmacSHA256 CloseFile
 *
 * This test is only useful on Windows, which fails before the fix and succeeds
 * after it. On other platforms, it always passes.