-
Type:
Bug
-
Resolution: Not an Issue
-
Priority:
P5
-
None
-
Affects Version/s: None
-
Component/s: security-libs
-
None
-
beta
-
generic
-
generic
There is a strange feature at the implementation of the JEP166 (http://openjdk.java.net/jeps/166)
I create & keystore:
KeyStore ks = KeyStore.getInstance(type);
FileInputStream fin = new FileInputStream("keystore.my");
ks.load(fin, passwd.toCharArray());
After that ks.getType() returns the 'type' value (when type is "jks" or "pkcs12"). It doesn't depend on the real format of keystore in the file "keystore.my".
I think this behavior can be very surprising for users.
It is possible that application receives keystore file from 3d party, converts it (if required) and sends to clients. In this use case application cannot make determine a keystore type by JDK security API.
I create & keystore:
KeyStore ks = KeyStore.getInstance(type);
FileInputStream fin = new FileInputStream("keystore.my");
ks.load(fin, passwd.toCharArray());
After that ks.getType() returns the 'type' value (when type is "jks" or "pkcs12"). It doesn't depend on the real format of keystore in the file "keystore.my".
I think this behavior can be very surprising for users.
It is possible that application receives keystore file from 3d party, converts it (if required) and sends to clients. In this use case application cannot make determine a keystore type by JDK security API.