-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
19.0.2, 20.0.2, 21.0.1
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
It looks like `KeyStore.getCreationDate` returns the current date if an entry has no creation date. This also seems to affect `keytool -list`.
This behavior is not documented (it is currently unspecified how KeyStore behaves in that case) and pretty confusing.
It would therefore be good to either:
- Extend the `KeyStore.getCreationDate` documentation to mention that if the entry has no creation date, the date the keystore was loaded is returned (in case all KeyStore implementations behave that way)
- Or (personally preferred?): Extend the documentation and return `null` if no creation date exists (might cause backward compatibility issues?)
- Or (personally preferred?): Extend the `KeyStore.getCreationDate` documentation, and for all implementations change the logic to return some fixed date, e.g. the epoch start (`new Date(0)`).
This would then hopefully be less confusing than the current implementation by making it more clear that the creation date is not available.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
This can currently be seen with the `cacerts` file:
var k = KeyStore.getInstance(new File(System.getProperty("java.home"), "lib/security/cacerts"), (char[]) null);
System.out.println(k.getCreationDate(k.aliases().nextElement()));
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It prints null or a fixed date, e.g. epoch start (see Description of this ticket)
ACTUAL -
It prints the current date, which is not actually the creation date
It looks like `KeyStore.getCreationDate` returns the current date if an entry has no creation date. This also seems to affect `keytool -list`.
This behavior is not documented (it is currently unspecified how KeyStore behaves in that case) and pretty confusing.
It would therefore be good to either:
- Extend the `KeyStore.getCreationDate` documentation to mention that if the entry has no creation date, the date the keystore was loaded is returned (in case all KeyStore implementations behave that way)
- Or (personally preferred?): Extend the documentation and return `null` if no creation date exists (might cause backward compatibility issues?)
- Or (personally preferred?): Extend the `KeyStore.getCreationDate` documentation, and for all implementations change the logic to return some fixed date, e.g. the epoch start (`new Date(0)`).
This would then hopefully be less confusing than the current implementation by making it more clear that the creation date is not available.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
This can currently be seen with the `cacerts` file:
var k = KeyStore.getInstance(new File(System.getProperty("java.home"), "lib/security/cacerts"), (char[]) null);
System.out.println(k.getCreationDate(k.aliases().nextElement()));
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It prints null or a fixed date, e.g. epoch start (see Description of this ticket)
ACTUAL -
It prints the current date, which is not actually the creation date