[8] code review for 8007755: Support the logical grouping of keystores
Vincent Ryan
vincent.x.ryan at oracle.com
Wed Feb 13 18:22:08 UTC 2013
Latest webrev:
http://cr.openjdk.java.net/~vinnie/8007755/webrev.01/
On 13/02/2013 16:47, Sean Mullan wrote:
> Overall this looks good, just have a few comments:
>
> * KeyStore
>
> [313-317] You should state what the String keys are supposed to contain
> (i.e. keystore aliases).
Done.
>
> [329] You need to make a copy of the Map before wrapping it in an
> unmodifiable Map.
Done.
>
> Also, this will require a CCC, so you won't be able to fix this now, but
> the DomainLoadStoreParameter should be a standalone class, since it is
> keystore-type specific.
A more descriptive name would be useful since it'll no longer be nested
in the KeyStore class.
For example, java.security.KeyStoreDomainParameter.
>
> Also, I don't think a policy keystore entry will work with a Domain
> Keystore since it doesn't use LoadStoreParameters. Please file another
> bug to fix this later.
OK. That will require adding support for a new optional line in the
policy file that specifies the location of a DKS configuration.
For example:
keystore "NONE", "DKS";
keystoreConfigURI "file:///x/y/z";
>
> --Sean
>
> On 02/07/2013 05:43 PM, Vincent Ryan wrote:
>>
>> Please review this final component of JEP-166 that adds support
>> for logical keystores and introduces a new keystore type called
>> DKS, the domain keystore.
>>
>> The purpose of the domain keystore is to simplify the handling of
>> multiple keystores and truststores for applications and to ease
>> their deployment.
>>
>> Webrev: http://cr.openjdk.java.net/~vinnie/8007755/webrev.00/
>>
>> Thanks.
>
More information about the security-dev
mailing list