Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8046777

apple.security.KeychainStore has a problem searching for identities

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 9
    • None
    • security-libs
    • None

        This is a bug reported on http://mail.openjdk.java.net/pipermail/macosx-port-dev/2014-June/006642.html. Attachment sent in a separate mail.

        There is a bug in the native KeystoreImpl that it only searches for identities that have a key usage of “Any” using CSSM_KEYUSE_ANY instead of passing `0` to the SecIdentitySearchCreate keychain function. Refer to line 282 in [1]. This will exclude all identities that have a specific key usage set such as “Encrypt, Verify, Wrap, Derive”.


        [1] http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/macosx/native/apple/security/KeystoreImpl.m

        I have also found issues with instances of KeyEntry that have an empty array for the “chain” property causing index out of bounds exceptions. See attached patch.

              vinnie Vincent Ryan
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: