code review request: 7133495: [macosx] KeyChain KeyStore implementation retrieves only one private key entry

Vincent Ryan vincent.x.ryan at oracle.com
Mon Feb 6 04:01:41 PST 2012


On 02/ 3/12 02:26 PM, Weijun Wang wrote:
> Hi Vinnie
> 
> The code change is fine.
> 

Thanks.


> However, I noticed something weird when trying out your test. It seems for each
> PrivateKeyEntry, there is a TrustedCertificateEntry with the same cert:
> 
> x, Feb 3, 2012, PrivateKeyEntry,
> Certificate fingerprint (SHA1):
> DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:32:71:0C:DD:E1:E7:3D
> x 1, Feb 3, 2012, trustedCertEntry,
> Certificate fingerprint (SHA1):
> DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:32:71:0C:DD:E1:E7:3D
> 
> Should the "x 1" one be removed? I haven't tried what will happen if the private
> entry contains more than one certs in its chain.
> 

When a private key and associated certificate chain is imported into a MacOS
keychain then a separate certificate entry gets created for each certificate in
the private key's certificate chain.


> Thanks
> Max
> 
> On 02/02/2012 11:19 PM, Vincent Ryan wrote:
>> Please review the following fix to Mac OSX keychain support:
>>    http://cr.openjdk.java.net/~vinnie/7133495/webrev.00/
>>
>> Thanks.




More information about the security-dev mailing list