On Mon, 7 Oct 2024 12:42:00 GMT, Prasadrao Koppula <pkopp...@openjdk.org> wrote:
>> Using SharedSecrets, I attempted to expose FileInputStream::path
>> information. After implementing the fix, I validated the startup performance
>> tests. Observed no consistent pattern of performance drops or gains, can
>> disregard the occasional performance drop observed in 1 or 2 runs.
>
> Prasadrao Koppula has updated the pull request incrementally with one
> additional commit since the last revision:
>
> JDK-8329251
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1972:
> 1970: .getPath((FileInputStream) stream);
> 1971: if (keystorePath != null) {
> 1972: debug.println("PKCS12KeyStore: Loading \"" +
> keystorePath.substring(
I ran a straightforward test to connect to a TLS website and expected to see
the cacerts file details being printed.
`BufferedInputStream` is used for `InputStream` instance
sun.security.util.KeyStoreDelegator#engineLoad
InputStream bufferedStream = new BufferedInputStream(stream);
bufferedStream.mark(Integer.MAX_VALUE);
try {
@SuppressWarnings("deprecation")
KeyStoreSpi tmp = primaryKeyStore.newInstance();
tmp.engineLoad(bufferedStream, password);
You'll need to get a handle to the BufferedInputStream -> FilterInputStream ->
`in` stream and check if it's an instance of a `FileInputStream`. You can then
query and print the path value if present.
On a side note, I was surprised to see no debug output (of interest) initially
when I was using the `-Djava.security.debug=keystore` value. Turns out I have
to use the `pkcs12` value for debug option. Given that PKCS12KeyStore.java is
the only file to use this debug value and that pkcs12 is now the default
keystore type, there might be merit in folding this value into the more common
`keystore` option
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20414#discussion_r1796741288
