JDK-6416879 : keytool can only access keystores supported by -providerClass when it's specified
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2003
  • CPU: x86
  • Submitted: 2006-04-24
  • Updated: 2010-11-04
  • Resolved: 2006-05-08
Related Reports
Duplicate :  
Description
When -providerClass is specified with keytool, it will only try to load keystores that are supported by this security provider. However, in keytool.html, we have --

  -providerClass <provider_class_name>
      Used to specify the name of cryptographic service provider's master class file when the service provider is not listed in the security properties file.

which means the option is not only for storetype, but for all kinds of algorithms.

This bug prevents generating/saving keypairs from a non-"java.security" provider into a JKS keystore. For example, the newly supported NSS EC.

Comments
EVALUATION This bug was introduced by the following code in KeyTool.java that performs an "automatic" filling of -providerName when a -providerClass was specified.

  if (providerName == null) {
      providerName = (Provider)p.getName();
  }

These lines have just been removed as a part of another code change.
08-05-2006

EVALUATION In KeyTool, we have --

  if (providerName == null) {
      keyStore = KeyStore.getInstance(storetype);
  } else {
      keyStore = KeyStore.getInstance(storetype, providerName);
  }

maybe the else block should be --

  try {
      keyStore = KeyStore.getInstance(storetype, providerName);
  } catch (KeyStoreException kse) {
      keyStore = KeyStore.getInstance(storetype);
  }
24-04-2006
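
The failure mode and the try/catch fallback discussed in the evaluations can be reproduced outside keytool with the program below. It is an added example, not code from KeyTool.java or from this report; the class name, the openKeyStore helper, and the use of the SunEC provider as a stand-in for the NSS EC provider are assumptions.

```java
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;

public class ProviderFallbackDemo {

    // Hypothetical helper: try the named provider first; if it has no
    // implementation of the store type, fall back to the default lookup
    // across all registered providers.
    static KeyStore openKeyStore(String storetype, String providerName)
            throws Exception {
        if (providerName == null) {
            return KeyStore.getInstance(storetype);
        }
        try {
            return KeyStore.getInstance(storetype, providerName);
        } catch (KeyStoreException kse) {
            return KeyStore.getInstance(storetype);
        }
    }

    public static void main(String[] args) throws Exception {
        String storetype = "JKS";
        // Assumption: SunEC stands in for a provider that supplies EC
        // algorithms but no JKS keystore implementation.
        String providerName = "SunEC";

        // The named provider can serve the key algorithm.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", providerName);
        System.out.println("EC generator from: " + kpg.getProvider().getName());

        // Binding the keystore lookup to the same provider name fails,
        // which is the behaviour described in this report.
        try {
            KeyStore.getInstance(storetype, providerName);
            System.out.println("strict lookup unexpectedly succeeded");
        } catch (KeyStoreException kse) {
            System.out.println("strict lookup failed: " + kse.getMessage());
        }

        // With the fallback, the keystore comes from whichever registered
        // provider implements the store type.
        KeyStore ks = openKeyStore(storetype, providerName);
        ks.load(null, null); // initialise an empty in-memory keystore
        System.out.println(storetype + " keystore from: " + ks.getProvider().getName());
    }
}
```

Printing getProvider() for each object shows which provider actually served it, which is worth checking whenever a fallback can substitute a different provider than the one named.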