JDK-6324932 : MS CAPI keystore support (Keytool) - failed with improper return codes & exception messages
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris
  • CPU: sparc
  • Submitted: 2005-09-16
  • Updated: 2010-05-10
  • Resolved: 2006-06-12
Related Reports
Duplicate :  
JDK-6415696 - KeyTool deletes alias entry when -changealias used for Windows-My Sub Store of MSCAPI KeyStore
Description
1] DELETING ENTRY
keytool -keystore NONE -storetype My -storepass password -provider sun.security.mscapi.SunMSCAPI -delete -v -alias srikarCert
throws an exception as under :
keytool error: java.io.IOException: Keystore cannot be stored into a stream.

In reality it does delete - technically, it works correctly - shows wrong return code & exception message

2] CHANGE ALIAS
keytool.exe -keystore NONE -storepass password -provider sun.security.mscapi.SunMSCAPI -storetype My -changealias -v -alias BRUCE_LEE -destalias TOMMY_LEE

keytool error: java.lang.UnsupportedOperationException: Cannot assign the key to the given alias.

The original Alias is deleted from the keystore ---- which is a wrong behaviour 

3]  STORING TRUSTED CERTS
Scenario One:
keytool.exe -keystore NONE -storepass password -provider sun.security.mscapi.SunMSCAPI -storetype My -importcert -v -alias BRUCE_LEE -file certs/srikarsagi.cer

throws an exception as under:  keytool error: java.io.IOException: Keystore cannot be stored into a stream.

However, it does store the trusted entry with the given name

Scenario Two:
keytool.exe -keystore NONE -storepass password -provider sun.security.mscapi.SunMSCAPI -storetype My -importcert -v -alias JET_LEE -file certs/srikarsagi.cer

even if "-noprompt" is used instead of storing the same trusted entry with a different alias name, keytool replaces the cert.

"is this the right behaviour ??????"

4] CERTIFICATE SIGNING REQUEST
Before requesting the CSR - details of Alias "srikarCert" which is a self signed cert in My Store

srikarCert, Aug 30, 2005, PrivateKeyEntry,
Certificate fingerprint (MD5): 07:0D:06:25:D7:74:23:83:8B:24:D7:0C:89:7E:6A:1D

keytool.exe -keystore NONE -storepass password -provider sun.security.mscapi.SunMSCAPI -storetype My -certreq -v -alias srikarCert -file certs/CSROfsrikar.csr
Enter key password for <srikarCert>password
keytool error: java.security.UnrecoverableKeyException: Password must be null


5] IMPORTING OTHER KEYSTORES INTO MS-CAPI KEYSTORE
it does store a PKCS12 or PFX file read from the file system, with given alias but exits with wrong return code & with an exception message.