8354469: Keytool exposes the password in plain text when command is piped using | grep

[GoeLin]

Edit of src/java.base/share/classes/sun/security/util/resources/security.properties
applied to sun/security/util/Resources.java as
"8345940: Migrate security-related resources from Java classes to properties files" not in 21.

test/jdk/sun/security/util/Resources/Usages.java
Trivial resolve as "8338411: Implement JEP 486: Permanently Disable the Security Manager" is not in 21.

The new test jdk/sun/security/tools/keytool/EchoPassword.java fails for passwords with non-ascii characters.
I think this is because many changes to pass the encoding around are missin in 21, especially https://bugs.openjdk.org/browse/JDK-8330276: Console methods with explicit Locale

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• JDK-8354469 needs maintainer approval

Integration blocker

 ⚠️ Dependency #2616 must be integrated first

Issue

• JDK-8354469: Keytool exposes the password in plain text when command is piped using | grep (Enhancement - P3)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk21u-dev.git pull/2617/head:pull/2617
$ git checkout pull/2617

Update a local copy of the PR:
$ git checkout pull/2617
$ git pull https://git.openjdk.org/jdk21u-dev.git pull/2617/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 2617

View PR using the GUI difftool:
$ git pr show -t 2617

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk21u-dev/pull/2617.diff

[bridgekeeper]

👋 Welcome back goetz! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[schmelter-sap]

Regarding the manual EchoPassword test, you could check for the readPassword() method taking a locale in Console and if not found don't include the instructions for the last two tests (if any poor soul really does them manually).