JDK-8287422 : Add KeyStore.LoadStoreParameter to fail if certificates cannot be decrypted
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 18
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2022-05-26
  • Updated: 2022-06-01
Description
A DESCRIPTION OF THE PROBLEM :
Relates to JDK-8194702

Currently, when a PKCS12 keystore containing encrypted certificates is loaded without a keystore password, the certificates are silently omitted, see:
https://github.com/openjdk/jdk/blob/7cb368b34df97614f0d208b8b0b93aa714a49282/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#L2056-L2078

This behavior is quite error-prone and can make it difficult to troubleshoot keystore issues. Since that default behavior can most likely not be changed, it would be good to introduce a new method for KeyStore.LoadStoreParameter, for example `failForUnencryptableCertificates` (or similar). It could be implemented as an interface default method which returns `false` (for backward compatibility).
This way users could choose to fail fast to detect early when certificates would be missing from a keystore.

Depending on whether other keystore types have the same or similar problems, maybe the KeyStore.LoadStoreParameter method could also be more general.
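
The silent omission described above, with a fail-fast comparison an application can run today, as an added example that is not part of this report or of the JDK. It assumes the default PKCS12 settings (certificates encrypted on store); the class and method names, the alias `demo-ca` and the password `changeit` are constructed for illustration, and the JDK-internal `CertAndKeyGen` is used only to create a sample certificate.

```java
// Added example, not JDK code. Builds a throwaway PKCS12 store in memory and
// compares what load() returns with and without the store password.
// Run: java --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED \
//           --add-exports java.base/sun.security.x509=ALL-UNNAMED StrictPkcs12Load.java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import sun.security.tools.keytool.CertAndKeyGen; // JDK-internal, sample cert only
import sun.security.x509.X500Name;               // JDK-internal, sample cert only

public class StrictPkcs12Load {

    /** Aliases that KeyStore.load() exposes for the given password (may be null). */
    static Set<String> aliases(byte[] p12, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(p12), password);
        return new TreeSet<>(Collections.list(ks.aliases()));
    }

    /** Aliases visible with the password but absent from a passwordless load. */
    static Set<String> droppedWithoutPassword(byte[] p12, char[] password) throws Exception {
        Set<String> dropped = aliases(p12, password);
        dropped.removeAll(aliases(p12, null));
        return dropped;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value

        // Constructed sample input: one self-signed certificate, valid for an hour.
        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=demo-ca"), 3600L);

        KeyStore out = KeyStore.getInstance("PKCS12");
        out.load(null, null);
        out.setCertificateEntry("demo-ca", cert);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        out.store(buf, password);

        // load(stream, null) raises no error; only the comparison exposes the loss.
        Set<String> dropped = droppedWithoutPassword(buf.toByteArray(), password);
        if (!dropped.isEmpty()) {
            throw new IllegalStateException("passwordless load silently dropped: " + dropped);
        }
        System.out.println("no certificates were dropped");
    }
}
```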



Comments
Moved to JDK for more evaluations.
27-05-2022