8383813: pkcs12 keystore fails to load because of incorrect DER length-encoding

[mcpowers]

https://bugs.openjdk.org/browse/JDK-8383813

---

• I confirm that I make this contribution in accordance with the OpenJDK Interim AI Policy.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8383813: pkcs12 keystore fails to load because of incorrect DER length-encoding (Bug - P3)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/31031/head:pull/31031
$ git checkout pull/31031

Update a local copy of the PR:
$ git checkout pull/31031
$ git pull https://git.openjdk.org/jdk.git pull/31031/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 31031

View PR using the GUI difftool:
$ git pr show -t 31031

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/31031.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back mpowers! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@mcpowers The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 00: Full (716c50e7)

[mcpowers]

After PBMAC1 is enabled (keystore.pkcs12.macAlgorithm = PBEWithHmacSHA256),
the following tests will fail without this fix:

open/test/jdk/sun/security/tools/keytool/CloseFile.java
open/test/jdk/sun/security/provider/KeyStore/WrongStoreType.java
open/test/jdk/java/security/KeyStore/ProbeKeystores.java

[myankelev]

I think there needs to be a test case which will try to load the keystore causing the issues now. Especially since it's already known

[myankelev]

I think there needs to be a test case which will try to load the keystore causing the issues now. Especially since it's already known

Or just another @run with keystore.pkcs12.macAlgorithm = PBEWithHmacSHA256 in

open/test/jdk/sun/security/tools/keytool/CloseFile.java
open/test/jdk/sun/security/provider/KeyStore/WrongStoreType.java
open/test/jdk/java/security/KeyStore/ProbeKeystores.java

[seanjmullan]

I think there needs to be a test case which will try to load the keystore causing the issues now. Especially since it's already known

Or just another @run with keystore.pkcs12.macAlgorithm = PBEWithHmacSHA256 in

open/test/jdk/sun/security/tools/keytool/CloseFile.java
open/test/jdk/sun/security/provider/KeyStore/WrongStoreType.java
open/test/jdk/java/security/KeyStore/ProbeKeystores.java

Yes, I also think that is needed.