Name: gm110360 Date: 07/08/2003


FULL PRODUCT VERSION :
java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-b28)
Java HotSpot(TM) Client VM (build 1.4.2-b28, mixed mode)


FULL OS VERSION :
Linux kolli.hds.se 2.4.21-0.13mdk #1 Fri Mar 14 15:08:06 EST 2003 i686 unknown unknown GNU/Linux

A DESCRIPTION OF THE PROBLEM :
The JCEKS keystore format produced by JDK 1.4.2 is not compatible with previous JDK versions, i.e. 1.4.1_01. A keystore file created by an older version can not be read by 1.4.2, and a keystore file created by 1.4.2 can not be read by older versions.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
A) Run the provided test case with JDK 1.4.1 with the arguments "write test1", then run with JDK 1.4.2 with the arguments "read test1".

B) Run the test case with JDK 1.4.2 with the arguments "write test2", and then run with JDK 1.4.1 with the arguments "read test2".

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The test case should not produce any output and not throw any exceptions.
ACTUAL -
The test case failed and threw an exception in both scenarios.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
A) Exception in thread "main" java.io.StreamCorruptedException: invalid stream header
        at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:737)
        at java.io.ObjectInputStream.<init>(ObjectInputStream.java:253)
        at com.sun.crypto.provider.JceKeyStore.engineLoad(DashoA6275)
        at java.security.KeyStore.load(KeyStore.java:652)
        at Test.main(Test.java:22)

B) Exception in thread "main" java.io.IOException: Invalid keystore format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(DashoA6275)
        at java.security.KeyStore.load(KeyStore.java:652)
        at Test.main(Test.java:22)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class Test {
   static char[] password = "abc123".toCharArray();

   public static void main(String[] args) throws Exception {
      if ("read".equalsIgnoreCase(args[0])) {
         InputStream fIn = new FileInputStream(args[1]);
         KeyStore keyStore = KeyStore.getInstance("JCEKS");
         keyStore.load(fIn, password);

         Enumeration enum = keyStore.aliases();
         while (enum.hasMoreElements()) {
            String alias = (String) enum.nextElement();
            System.out.println("Found alias: " + alias);
            if (keyStore.isKeyEntry(alias)) {
               Key key = keyStore.getKey(alias, password);
               System.out.println(alias + " key algorithm: " + key.getAlgorithm());
               System.out.println(alias + " key format: " + key.getFormat());
            }
            if (keyStore.isCertificateEntry(alias)) {
               Certificate cert = keyStore.getCertificate(alias);
               System.out.println(alias + " cert type: " + cert.getType());
            }
         }

      } else if ("write".equalsIgnoreCase(args[0])) {
         KeyStore keyStore = KeyStore.getInstance("JCEKS");
         keyStore.load(null, password);

         FileOutputStream output = new FileOutputStream(args[1]);
         keyStore.store(output, password);
      }
   }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Keys can be exported to an encoded format from an old keystore with an old JDK, and then imported to a new keystore with JDK 1.4.2.
(Review ID: 189723)
======================================================================