JDK-8192987 : keytool should remember real storetype if it is not provided
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-12-04
  • Updated: 2018-10-16
  • Resolved: 2017-12-08
  • JDK 10: 10 b36 (Fixed)
  • JDK 8: 8u162 (Fixed)
Description
When -storetype is not provided, keytool now uses type probing to load a file-based keystore. However, the real storetype is never remembered, and keytool still uses the default storetype ("pkcs12") to validate the command and its options. As a result, some special pkcs12-only restrictions (for example, keypass and storepass must be the same) might be incorrectly enforced on a non-pkcs12 keystore.

For example:

$ keytool -keystore ks -genkeypair -alias a -dname CN=a -storepass changeit -keypass changeit -storetype jks

$ keytool -keystore ks -keypasswd
keytool error: java.lang.UnsupportedOperationException: -keypasswd commands not supported if -storetype is PKCS12
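
On a build without the fix, passing -storetype explicitly avoids relying on the default. The following is an added example, not part of the bug report or of keytool: a POSIX shell check that classifies a keystore file by its leading bytes and passes the result to keytool. The function names probe_storetype and keytool_typed are hypothetical, and the header test is a simplified stand-in for keytool's own probing.

```sh
#!/bin/sh
# Added example: classify a keystore file by its header so that -storetype
# can be given to keytool explicitly. Simplified check, not keytool's own code.

# probe_storetype FILE -> prints jks, jceks, pkcs12 or unknown
probe_storetype() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    # First 10 bytes as separate lowercase hex pairs in $1..$10.
    set -- $(od -An -tx1 -N10 < "$1")
    case "$1$2$3$4" in
        feedfeed) echo jks; return ;;      # JKS magic number 0xFEEDFEED
        cececece) echo jceks; return ;;    # JCEKS magic number 0xCECECECE
    esac
    # PKCS#12 (PFX) is a DER SEQUENCE (tag 0x30) whose first member is the
    # version, INTEGER 3, encoded as 02 01 03.
    [ "$1" = 30 ] && [ -n "$2" ] || { echo unknown; return; }
    # Bytes to skip: tag + length byte, plus the extra length bytes that a
    # long-form DER length (0x81..0x84) announces.
    case "$2" in
        81) n=3 ;; 82) n=4 ;; 83) n=5 ;; 84) n=6 ;;
        *)  n=2 ;;
    esac
    # Guard the shift: a truncated file must not abort the shell.
    [ "$#" -ge $((n + 3)) ] || { echo unknown; return; }
    shift "$n"
    if [ "$1$2$3" = 020103 ]; then echo pkcs12; else echo unknown; fi
}

# Hypothetical wrapper: keytool_typed KEYSTORE [keytool options...]
# Runs keytool with the probed type made explicit instead of the default.
keytool_typed() {
    ks=$1; shift
    t=$(probe_storetype "$ks") || return
    [ "$t" != unknown ] || { echo "cannot determine type of $ks" >&2; return 1; }
    keytool -keystore "$ks" -storetype "$t" "$@"
}
```

With this in place, the failing command above would be run as `keytool_typed ks -keypasswd`.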