[security-dev 00336]: Re: JCE/JSSE Plans for JDK 7?

Vincent Ryan Vincent.Ryan at Sun.COM
Tue Sep 30 20:04:10 UTC 2008


Mike Duigou wrote:
> Vincent Ryan wrote:
>> Hello Mike,
>>
>> This functionality is being planned for the JDK7 release. The existing
>> java.security.cert.CertificateFactory class can easily be enhanced with
>> several new methods:
>>
>>     o to create a certificate signing request
>>     o to parse a certificate signing request
>>     o to issue a new certificate
>>
>> The features will be limited. There are no plans to define an API to
>> support a full CA.
> 
> I believe that the minimum required PKI extensions are for the API to 
> match the functionality offered by the command line 'keytool'. There are 
> too many projects which must currently include BouncyCastle (which is 
> nonetheless great and useful) only for the purposes of replicating 
> keytool functionality.

The API will match the cert creation functionality of keytool. It will
also support the creation of standardized certificate extensions.


> 
> Are the proposed API changes for JDK7 published anywhere?

A draft API is being prepared. I can circulate it for comments in the
next few weeks.


> 
> Mike
> 
>>
>> Mike Duigou wrote:
>>> Hello!
>>>
>>> Where can I find a published description of the enhancements and
>>> extensions planned for JCE/JSSE in JDK 7?
>>>
>>> To jump right to the point of my question: I'll be specifically looking
>>> for extensions to allow all of the keytool functionality to be accessed
>>> through public APIs. This is specifically PKCS#1 certificate generation
>>> and PKCS#10 certificate signing requests. Neither of these are currently
>>> available in the JDK 6 API but are available through keytool.
>>>
>>> Mike



