JCE: add engineProbe() implementation to WolfSSLKeyStore

Author: cconlon

src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java

@@ -1808,6 +1808,62 @@ public synchronized void engineLoad(InputStream stream, char[] password)
         return;
     }
 
+    /**
+     * Probes the specified input stream to determine if it contains a
+     * keystore that is supported by this implementation.
+     *
+     * This method is used by KeyStore.getInstance(File, char[]) and similar
+     * methods to auto-detect the keystore type without requiring explicit
+     * type specification.
+     *
+     * Note: engineProbe() was added in JDK 9. No @Override annotation to
+     * maintain Java 8 compatibility. On JDK 9+ this method is called by
+     * KeyStore for auto-detection; on Java 8 it is simply unused.
+     *
+     * @param stream the keystore data to be probed. The stream must support
+     *        mark/reset so the caller can rewind after probing.
+     *
+     * @return true if the keystore data is supported (has WKS magic number),
+     *         otherwise false
+     *
+     * @throws IOException if there is an I/O problem with the keystore data
+     * @throws NullPointerException if the stream is null
+     */
+    public boolean engineProbe(InputStream stream) throws IOException {
+
+        int magic = 0;
+        DataInputStream dis = null;
+
+        if (stream == null) {
+            throw new NullPointerException("InputStream cannot be null");
+        }
+
+        /* Read first 4 bytes to check magic number */
+        stream.mark(4);
+        dis = new DataInputStream(stream);
+
+        try {
+            magic = dis.readInt();
+            if (magic == WKS_MAGIC_NUMBER) {
+                return true;
+            }
+        }
+        catch (IOException e) {
+            /* Could not read 4 bytes, not a valid WKS file, swallow
+             * exception and return false below. */
+        }
+        finally {
+            try {
+                stream.reset();
+            }
+            catch (IOException e) {
+                /* Reset failed, stream may not support mark/reset */
+            }
+        }
+
+        return false;
+    }
+
     /**
      * Internal method for logging output.
      *

src/test/java/com/wolfssl/provider/jce/test/WolfSSLKeyStoreTest.java

@@ -67,6 +67,7 @@
 import javax.crypto.SecretKey;
 
 import com.wolfssl.provider.jce.WolfCryptProvider;
+import com.wolfssl.provider.jce.WolfSSLKeyStore;
 import com.wolfssl.wolfcrypt.test.TimedTestWatcher;
 
 public class WolfSSLKeyStoreTest {
@@ -2371,5 +2372,81 @@ public void run() {
         assertNotNull(chain);
         assertTrue(chain.length > 0);
     }
+
+    /**
+     * Test that engineProbe() correctly identifies WKS format by checking
+     * the magic number at the beginning of the stream.
+     */
+    @Test
+    public void testEngineProbeIdentifiesWKS()
+        throws KeyStoreException, IOException, NoSuchProviderException,
+               NoSuchAlgorithmException, CertificateException {
+
+        /* Create a WKS keystore and store it to a byte array */
+        KeyStore store = KeyStore.getInstance(storeType, storeProvider);
+        store.load(null, storePass.toCharArray());
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        store.store(baos, storePass.toCharArray());
+        byte[] wksBytes = baos.toByteArray();
+
+        /* Get the WolfSSLKeyStore SPI instance via reflection to call
+         * engineProbe directly (since KeyStore doesn't expose it) */
+        try {
+            WolfSSLKeyStore wksSpi = new WolfSSLKeyStore();
+
+            /* Test that valid WKS data returns true */
+            ByteArrayInputStream bais = new ByteArrayInputStream(wksBytes);
+            boolean result = wksSpi.engineProbe(bais);
+            assertTrue("engineProbe should return true for valid WKS", result);
+
+            /* Verify stream position is preserved after engineProbe().
+             * Per KeyStoreSpi spec, probe should leave stream at original
+             * position so other implementations can try. */
+            assertEquals("Stream should be at beginning after engineProbe()",
+                wksBytes[0] & 0xFF, bais.read());
+
+            /* Test that invalid data (non-WKS) returns false */
+            byte[] invalidData = new byte[] {
+                0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+            };
+            bais = new ByteArrayInputStream(invalidData);
+            result = wksSpi.engineProbe(bais);
+            assertFalse("engineProbe should return false for non-WKS", result);
+
+            /* Test that JKS magic number returns false
+             * JKS magic is 0xFEEDFEED */
+            byte[] jksMagic = new byte[] {
+                (byte)0xFE, (byte)0xED, (byte)0xFE, (byte)0xED
+            };
+            bais = new ByteArrayInputStream(jksMagic);
+            result = wksSpi.engineProbe(bais);
+            assertFalse("engineProbe should return false for JKS", result);
+
+            /* Test that empty stream returns false */
+            bais = new ByteArrayInputStream(new byte[0]);
+            result = wksSpi.engineProbe(bais);
+            assertFalse("engineProbe should return false for empty stream",
+                result);
+
+            /* Test that stream shorter than 4 bytes returns false */
+            bais = new ByteArrayInputStream(new byte[] {0x00, 0x00, 0x00});
+            result = wksSpi.engineProbe(bais);
+            assertFalse("engineProbe should return false for short stream",
+                result);
+
+        } catch (Exception e) {
+            fail("engineProbe test threw exception: " + e.getMessage());
+        }
+    }
+
+    /**
+     * Test that engineProbe() throws NullPointerException for null stream.
+     */
+    @Test(expected = NullPointerException.class)
+    public void testEngineProbeNullStream() throws IOException {
+        WolfSSLKeyStore wksSpi = new WolfSSLKeyStore();
+        wksSpi.engineProbe(null);
+    }
 }