[8] code review for 8007755: Support the logical grouping of keystores
Sean Mullan
sean.mullan at oracle.com
Wed Feb 13 19:10:01 UTC 2013
On 02/13/2013 01:22 PM, Vincent Ryan wrote:
> Latest webrev:
> http://cr.openjdk.java.net/~vinnie/8007755/webrev.01/
Looks good.
>> Also, this will require a CCC, so you won't be able to fix this now, but
>> the DomainLoadStoreParameter should be a standalone class, since it is
>> keystore-type specific.
>
> A more descriptive name would be useful since it'll no longer be nested
> in the KeyStore class.
>
> For example, java.security.KeyStoreDomainParameter.
I actually prefer if the name starts with Domain, or DKS. I also think
this is consistent with other type specific parameter classes like
LDAPCertStoreParameters, etc ..
>>
>> Also, I don't think a policy keystore entry will work with a Domain
>> Keystore since it doesn't use LoadStoreParameters. Please file another
>> bug to fix this later.
>
> OK. That will require adding support for a new optional line in the
> policy file that specifies the location of a DKS configuration.
>
> For example:
> keystore "NONE", "DKS";
> keystoreConfigURI "file:///x/y/z";
Or you could treat the URL as the config URL just for domain keystores:
keystore "file:///x/y/z", "DKS";
--Sean
More information about the security-dev
mailing list