code review request: 7133495: [macosx] KeyChain KeyStore implementation retrieves only one private key entry

Weijun Wang weijun.wang at oracle.com
Fri Feb 3 14:26:05 UTC 2012


Hi Vinnie

The code change is fine.

However, I noticed something weird when trying out your test. It seems 
for each PrivateKeyEntry, there is a TrustedCertificateEntry with the 
same cert:

x, Feb 3, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): 
DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:32:71:0C:DD:E1:E7:3D
x 1, Feb 3, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 
DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:32:71:0C:DD:E1:E7:3D

Should the "x 1" one be removed? I haven't tried what will happen if the 
private entry contains more than one certs in its chain.

Thanks
Max

On 02/02/2012 11:19 PM, Vincent Ryan wrote:
> Please review the following fix to Mac OSX keychain support:
>    http://cr.openjdk.java.net/~vinnie/7133495/webrev.00/
>
> Thanks.



More information about the security-dev mailing list