scop / portecle

User friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more
http://portecle.sourceforge.net/
GNU General Public License v2.0
153 stars, 47 forks

bugfix for PKCS#12 loading as JKS keystore type. #57

Closed ghost closed 5 years ago

ghost commented 5 years ago

bugfix for PKCS#12 loading as JKS keystore type.

FPortecle.openKeyStoreFile() tries to load a keystore as a keystore of a given type until it succeeds without exceptions or null store. Java 8+ succeeds in loading PKCS#12 stores as JKS but lacks the features a PKCS#12 store needs. Trying to load as a PKCS#12 type first avoids this problem. FPortecle.openKeyStoreFile() uses the order given in this KeyStoreType enum.
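
The type-probing order described above, as an added Java example that is not Portecle's own code: it builds a constructed in-memory PKCS#12 store and opens it with a first-match loop in both orders, printing the type that wins each time. The class name, `openFirstMatch`, and the sample password are assumptions for illustration; the JKS-first result depends on the JDK and its `keystore.type.compat` security property.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreProbeOrder {
    // Constructed sample password, used only for the in-memory store below.
    static final char[] PW = "changeit".toCharArray();

    // Build a small PKCS#12 store in memory (constructed sample input).
    static byte[] samplePkcs12() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setEntry("sample",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(PW));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PW);
        return out.toByteArray();
    }

    // Hypothetical helper: try each type in order and return the first
    // KeyStore that loads without an exception, or null if none does.
    static KeyStore openFirstMatch(byte[] data, List<String> order) {
        for (String type : order) {
            try {
                KeyStore ks = KeyStore.getInstance(type);
                ks.load(new ByteArrayInputStream(data), PW);
                return ks;
            } catch (Exception e) {
                // This type rejected the data; fall through to the next one.
            }
        }
        return null;
    }

    static String describe(KeyStore ks) throws Exception {
        return ks == null ? "no type matched" : ks.getType() + ", entries=" + ks.size();
    }

    public static void main(String[] args) throws Exception {
        byte[] p12 = samplePkcs12();
        System.out.println("keystore.type.compat=" + Security.getProperty("keystore.type.compat"));
        System.out.println("PKCS12 first: " + describe(openFirstMatch(p12, Arrays.asList("PKCS12", "JKS"))));
        System.out.println("JKS first:    " + describe(openFirstMatch(p12, Arrays.asList("JKS", "PKCS12"))));
    }
}
```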

ghost commented 5 years ago

A PKCS#12 with multiple keys and certificates loaded as JKS will only give access to the very first key/certificate pair. The rest would not be shown.

I had colleagues and customers bitten by that; they didn't understand what was happening. It was fairly easy to spot if you know Portecle, since it shows in the status bar what kind of store the keystore was opened as.

I'll add a comment in the enum.

Br, Jan

On 04/01/2019 22.05, Ville Skyttä wrote:

@scop requested changes on this pull request.

Reproduced the loading, but could you elaborate on what kinds of problems one will encounter with PKCS#12 key stores opened as JKS? I could probably find some myself, but didn't spot anything on a very quick test.

Additionally, a comment why PKCS12 must come before JKS in the enum would be appropriate, as it's not obvious from looking at the code.


scop commented 5 years ago

Thanks, applied with some changes.