8354469: Keytool exposes the password in plain text when command is piped using | grep #3233

Draft
fitzsim wants to merge 7 commits into openjdk:master from fitzsim:backport-8354469-keytool-echo-fix

fitzsim commented Jun 26, 2026

Contributor

This pull request backports:

8354469: Keytool exposes the password in plain text when command is piped using | grep

It depends on pull request #3232 which backports:

8366261: Provide utility methods for sun.security.util.Password

Starting from the backport of 8354469 to 17, I made the following adjustments:

Console.java:

  • Its change applied with a minor line offset, looks fine.

Password.java:

  • Adjust copyright year

  • 17 renamed "misc" to "access" in "import jdk.internal.access.SharedSecrets;" as part of:

    8211122: Reduce the number of internal classes made accessible to jdk.unsupported

    so skip that.

  • 17 then removed "import jdk.internal.access.SharedSecrets;" and called "System.console().charset()" directly instead of via SharedSecrets as part of:

    8264208: Console charset API

    which was never backported, so skip that and continue using SharedSecrets.

  • 17 re-added "import jdk.internal.access.SharedSecrets;" as part of:

    8354469: Keytool exposes the password in plain text when command is piped using | grep

    to be able to call passwordConsole and readPasswordNoNewLine, so again, I just keep "import jdk.internal.misc.SharedSecrets;" constant in 11.

  • 11 does not have Console.charset, so modify the JavaIOAccess interface to accept a Console argument which returns the value of the passed console's private charset (cs) field.

SetInPassword.java:

  • Fine as-is, passes.

EchoPassword.java:

  • Change to use traditional multiline-string syntax since 11 does not support """ multiline strings; update message whitespace

  • Remove support for the convenience "Copy Command" hyperlinks since hyperlinkListener support is not available in 11; update message accordingly

    I did briefly try to maintain these links and status label, but it would have required first backporting:

    8367348: Enhance PassFailJFrame to support links in HTML

    which did not apply cleanly to 11, so I decided to simplify the test instead.

  • Remove the now-unused status label

Usages.java:

  • Drop test/jdk/sun/security/util/Resources/Usages.java changes since that file does not exist in 11

The new SetInPassword.java test passes and, with the modifications herein, the EchoPassword.java also passes.



Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8354469 needs maintainer approval

Issue

  • JDK-8354469: Keytool exposes the password in plain text when command is piped using | grep (Enhancement - P3)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/3233/head:pull/3233
$ git checkout pull/3233

Update a local copy of the PR:
$ git checkout pull/3233
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/3233/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 3233

View PR using the GUI difftool:
$ git pr show -t 3233

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/3233.diff

fitzsim added 7 commits June 24, 2026 18:19
Backport-of: 91417890a24450d7cb23d188df4f631304d41ed6
…iped using | grep

Backport-of: a7a3a660e33fabc025ebe887f5605741be9ca8c3
This gives sun.security.util.Password access to the password console's
charset field.
Remove the "Copy" hyperlinks and instead just instruct the user to
copy each command manually.

Add spaces where necessary.

bridgekeeper Bot commented Jun 26, 2026

👋 Welcome back fitzsim! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

openjdk Bot commented Jun 26, 2026

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

openjdk Bot changed the title from "Backport a7a3a660e33fabc025ebe887f5605741be9ca8c3" to "8354469: Keytool exposes the password in plain text when command is piped using | grep" Jun 26, 2026

openjdk Bot commented Jun 26, 2026

This backport pull request has now been updated with issue from the original commit.

openjdk Bot added the backport (Port of a pull request already in a different code base) label Jun 26, 2026