[8u] RFR: 8076190: Customizing the generation of a PKCS12 keystore
Martin Balao
mbalao at redhat.com
Tue Aug 24 15:50:06 UTC 2021
Hi Alexey,
Final comments for this first round:
* src/share/classes/sun/security/tools/keytool/Main.java
* @@ -2025,7 +2058,14 @@
* Seems to have an issue similar to the one before:
* 'srcstoretype' is changed based on probing (which was not a
JDK-8 behavior)
* the value set is based on the assumption that
'!"JKS".equalsIgnoreCase(realType)' is PKCS#12 and that may not be
correct on some cases
* there might be some redundancy in the checks 'srcksfile != null
&& is != null && srcProviderName == null'
* I'd consider a similar approach to the one proposed earlier: take
the 'srcstoretype' value for certain, compare against 'pkcs12' and
handle the existing-keystore scenario. In this case, 'is' seems to be
the variable to decide whether there is an existing keystore or not.
* test/lib/jdk/test/lib/SecurityTools.java
* For some reason, there are 2 SecurityTools files in JDK-8:
* jdk/test/lib/testlibrary/jdk/testlibrary/SecurityTools.java
* jdk/test/lib/jdk/test/lib/SecurityTools.java
* Can we avoid this change by making the test use the other one?
* Looks like
'jdk/test/lib/testlibrary/jdk/testlibrary/SecurityTools.java' is the
one that you want for the test
* If we apply your proposed change, then the 2 libs will be equal
in regards to the affected method and I'm in general concerned about
the side-effects of modifying libraries; the set of regression tests
that you ran may not be enough to make sure that we don't introduce a
regression.
Thanks,
Martin.-
More information about the jdk8u-dev
mailing list