TKSS-629: PKCS12KeyStore should clear storeEntryCache

Tencent · Jan 8, 2024 · 66ca1ed · 66ca1ed
1 parent 26dbd4c
commit 66ca1ed
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/kona-crypto/src/main/java/com/tencent/kona/crypto/util/Constants.java b/kona-crypto/src/main/java/com/tencent/kona/crypto/util/Constants.java
@@ -36,7 +36,7 @@ public final class Constants {
             "java.specification.vendor");
 
     // The length of uncompressed SM2 public key,
-    // exactly a EC point's coordinates (x, y).
+    // exactly an EC point's coordinates (x, y).
     // The hex format is 04||x||y
     public static final int SM2_PUBKEY_LEN = 65;
 

diff --git a/kona-pkix/src/main/java/com/tencent/kona/sun/security/pkcs12/PKCS12KeyStore.java b/kona-pkix/src/main/java/com/tencent/kona/sun/security/pkcs12/PKCS12KeyStore.java
@@ -989,7 +989,7 @@ private static ObjectIdentifier mapPBEAlgorithmToOID(String algorithm)
      * for some other reason.
      */
     public synchronized void engineSetCertificateEntry(String alias,
-                                                       Certificate cert) throws KeyStoreException
+            Certificate cert) throws KeyStoreException
     {
         setCertEntry(alias, cert, null);
     }
@@ -998,7 +998,7 @@ public synchronized void engineSetCertificateEntry(String alias,
      * Sets a trusted cert entry (with attributes, when present)
      */
     private void setCertEntry(String alias, Certificate cert,
-                              Set<KeyStore.Entry.Attribute> attributes) throws KeyStoreException {
+            Set<KeyStore.Entry.Attribute> attributes) throws KeyStoreException {
 
         // Check that the cert is an X.509 cert
         if (cert != null && (!(cert instanceof X509Certificate))) {
@@ -2007,6 +2007,7 @@ public synchronized void engineLoad(InputStream stream, char[] password)
         }
 
         entries.clear();
+        storeEntryCache.clear();
 
         /*
          * Read the authSafe.