JDK-7047200 : keytool safe store (was Misleading error message)
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u25
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2011-05-22
  • Updated: 2012-09-04
  • Resolved: 2012-09-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u4Fixed 8 b06Fixed
Description
FULL PRODUCT VERSION :
java version "1.6.0_25"
Java(TM) SE Runtime Environment (build 1.6.0_25-b06)
Java HotSpot(TM) Client VM (build 20.0-b11, mixed mode, sharing)



ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.



A DESCRIPTION OF THE PROBLEM :
Why is an error being generated after I key in the password twice?
 


REGRESSION.  Last worked in version 6u25

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Command Line
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Jon>keytool -genkeypair -v -protected -alias jon -file
certif.file
What is your first and last name?
[Unknown]: Jon C.
What is the name of your organizational unit?
[Unknown]: @Jon's
What is the name of your organization?
[Unknown]: @Jon's
What is the name of your City or Locality?
[Unknown]: Birkirkara
What is the name of your State or Province?
[Unknown]: Malta(EU)
What is the two-letter country code for this unit?
[Unknown]: MT
Is CN=Jon C., OU=@Jon's, O=@Jon's, L=Birkirkara, ST=Malta(EU), C=MT correct?
[no]: yes

Generating 1,024 bit DSA key pair and self-signed certificate (SHA1withDSA) with
a validity of 90 days
for: CN=Jon C., OU=@Jon's, O=@Jon's, L=Birkirkara, ST=Malta(EU), C=MT
Enter key password for <jon>
(RETURN if same as keystore password):
Re-enter new password:
[Storing C:\Documents and Settings\Jon\.keystore]


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
PKI should be generated
ACTUAL -
Error message is displayed.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool error: java.lang.IllegalArgumentException: password can't be null
java.lang.IllegalArgumentException: password can't be null
at sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:508)

at sun.security.provider.JavaKeyStore$JKS.engineStore(JavaKeyStore.java:
38)
at java.security.KeyStore.store(KeyStore.java:1117)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:901)
at sun.security.tools.KeyTool.run(KeyTool.java:171)
at sun.security.tools.KeyTool.main(KeyTool.java:165)

REPRODUCIBILITY :
This bug can be reproduced always.
Comments
EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0e6076fed003
09-09-2011
EVALUATION This is mainly a user error: > keytool -genkeypair -v -protected -alias jon -file certif.file 1. Does the user intent to create a new keystore certif.file? If so, please use "-keystore certif.file". 2. The default keystore type at the moment, JKS, is file-based. So, do not specify "-protected". This option is for token-based keystores which has their own special protection mechanism. Having said that, we can enhance keytool to deal with this user input error more friendly.
29-06-2011