code review request: 7133495: [macosx] KeyChain KeyStore implementation retrieves only one private key entry
Vincent Ryan
vincent.x.ryan at oracle.com
Mon Feb 6 12:01:41 UTC 2012
On 02/ 3/12 02:26 PM, Weijun Wang wrote:
> Hi Vinnie
>
> The code change is fine.
>
Thanks.
> However, I noticed something weird when trying out your test. It seems for each
> PrivateKeyEntry, there is a TrustedCertificateEntry with the same cert:
>
> x, Feb 3, 2012, PrivateKeyEntry,
> Certificate fingerprint (SHA1):
> DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:32:71:0C:DD:E1:E7:3D
> x 1, Feb 3, 2012, trustedCertEntry,
> Certificate fingerprint (SHA1):
> DB:8F:DC:61:EF:A6:CC:FE:FB:66:6F:6A:E6:32:71:0C:DD:E1:E7:3D
>
> Should the "x 1" one be removed? I haven't tried what will happen if the private
> entry contains more than one certs in its chain.
>
When a private key and associated certificate chain is imported into a MacOS
keychain then a separate certificate entry gets created for each certificate in
the private key's certificate chain.
> Thanks
> Max
>
> On 02/02/2012 11:19 PM, Vincent Ryan wrote:
>> Please review the following fix to Mac OSX keychain support:
>> http://cr.openjdk.java.net/~vinnie/7133495/webrev.00/
>>
>> Thanks.
More information about the security-dev
mailing list