Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6483657

MSCAPI provider does not create unique alias names

    Details

    • Subcomponent:
    • Resolved In Build:
      b113
    • CPU:
      x86
    • OS:
      windows_2000, windows_xp, windows_7

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.6.0-rc"
        Java(TM) SE Runtime Environment (build 1.6.0-rc-b101)
        Java HotSpot(TM) Client VM (build 1.6.0-rc-b101, mixed mode, sharing)

        ADDITIONAL OS VERSION INFORMATION :
        Windows 2000 english fully patched

        A DESCRIPTION OF THE PROBLEM :
        The new keystore provider "MSCAPI" does not create uniqe aliase names if several keystore entries with the same subject are located in the windows certificate store.
        In such a case only the first keystore entry can be accessed. The other keystore entries are inaccessible because the selection is performed by their alias - which is identical.

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Create/import two or more certificates with the same subject (or "Issued to" as it is called in windows) and import them into the windows personal certificate store.
        Now load the MSCAPI provider and open the keystore "Windows-MY". Then enumerate through all aliases via java.security.KeyStore.aliases().



        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The alias has to be unique within a keystore for allowing to accessing the correspondant keystore entry
        ACTUAL -
        The alias-enumeration contains two or more equal aliases

        REPRODUCIBILITY :
        This bug can be reproduced always.

          Issue Links

            Activity

            Hide
            mullan Sean Mullan added a comment -
            See also http://mail.openjdk.java.net/pipermail/security-dev/2014-February/010119.html for a posting to security-dev about this issue.
            Show
            mullan Sean Mullan added a comment - See also http://mail.openjdk.java.net/pipermail/security-dev/2014-February/010119.html for a posting to security-dev about this issue.
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/68f8be44b6a6
            User: igerasim
            Date: 2016-04-03 13:39:11 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/68f8be44b6a6 User: igerasim Date: 2016-04-03 13:39:11 +0000
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/68f8be44b6a6
            User: lana
            Date: 2016-04-06 18:32:35 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/68f8be44b6a6 User: lana Date: 2016-04-06 18:32:35 +0000
            Hide
            afomin Alexander Fomin added a comment - - edited
            UR SQE OK to defer the risky fix from PSU16_03.
            Show
            afomin Alexander Fomin added a comment - - edited UR SQE OK to defer the risky fix from PSU16_03.

              People

              • Assignee:
                igerasim Ivan Gerasimov
                Reporter:
                tyao Ting-Yun Ingrid Yao (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: