JDK-4389689 : implicit assumption in keymanagerfactory: keys are protected with same password
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: unknown,6
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic,windows_xp
  • CPU: generic,x86
  • Submitted: 2000-11-15
  • Updated: 2009-06-09
  • Resolved: 2004-09-16
Description
The KeyManagerFactory API right now has room for one password, therefore
if there are any keys in a keystore which are protected by a different password, 
we throw:

	java.security.UnrecoverableKeyException: Cannot recover key
	at sun.security.provider.KeyProtector.recover(KeyProtector.java:304)
	at ...

The workaround is to have all entries protected by the same key, but
this may not be appropriate in all situations.  Either the API should
change, or this should be documented.

Brad


Comments
EVALUATION

With the addition of the new KeyManagerFactory.init(ManagerFactoryParams) method, you could be able to create callbacks which allow you to specify the keystore parameters in this way.

As of Tiger (JDK 5.0) this is possible by using the "NewSunX509" JSSE KeyManager in combination with an appropriately customized subclass of java.security.KeyStore.Builder. See 5067456 and 4961104.

2004-09-15
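
The approach named in the evaluation, written out as an added example (not from the original report or the JDK sources): a KeyStore.Builder subclass that returns a separate password for each alias, handed to the "NewSunX509" key manager through KeyStoreBuilderParameters. The class name PerAliasKeyStoreBuilder, the sslContext helper and the alias-to-password map are assumptions, as is the fallback for a prefixed alias.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyStoreBuilderParameters;
import javax.net.ssl.SSLContext;

/** Hypothetical helper: serves a different key password for each alias. */
public class PerAliasKeyStoreBuilder extends KeyStore.Builder {
    private final KeyStore keyStore;                 // already loaded by the caller
    private final Map<String, char[]> keyPasswords;  // alias -> that entry's password

    public PerAliasKeyStoreBuilder(KeyStore keyStore, Map<String, char[]> keyPasswords) {
        this.keyStore = keyStore;
        this.keyPasswords = keyPasswords;
    }

    @Override
    public KeyStore getKeyStore() {
        return keyStore;
    }

    @Override
    public KeyStore.ProtectionParameter getProtectionParameter(String alias)
            throws KeyStoreException {
        char[] password = keyPasswords.get(alias);
        if (password == null) {
            // Assumption: the key manager may pass its own "n.n.alias" form,
            // so retry with the text after the second dot.
            int second = alias.indexOf('.', alias.indexOf('.') + 1);
            if (second > 0) password = keyPasswords.get(alias.substring(second + 1));
        }
        if (password == null) {
            // Fail closed instead of falling back to a shared password.
            throw new KeyStoreException("no password configured for alias " + alias);
        }
        return new KeyStore.PasswordProtection(password);
    }

    /** Builds an SSLContext whose key manager unlocks each entry with its own password. */
    public static SSLContext sslContext(KeyStore ks, Map<String, char[]> passwords)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(new KeyStoreBuilderParameters(new PerAliasKeyStoreBuilder(ks, passwords)));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        return ctx;
    }
}
```

The caller loads the KeyStore with its store password first; the map then only needs entries for the private keys the key manager should be able to use.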