[8] Code review request for 8005408: KeyStore API enhancements
Vincent Ryan
vincent.x.ryan at oracle.com
Mon Jan 21 15:18:59 UTC 2013
Hello,
Please review the fix for 8005408. It adds support for associating attributes with keystore entries.
It is yet another component of the JEP-166 delivery.
This new API permits several enhancements to the PKCS12 keystore implementation: the storage of
trusted certificates, storage of secret keys and support for entry metadata. Currently, only the
PKCS12 keystore takes advantage of these new KeyStore APIs.
Webrev: http://cr.openjdk.java.net/~vinnie/8005408/webrev.00/
For storing trusted certificates in PKCS12 a new SafeBag attribute (with a familiar syntax) is introduced
to indicate a trust usage:
trustedKeyUsage ATTRIBUTE ::= {
WITH SYNTAX ExtKeyUsageSyntax
ID id-at-trustedKeyUsage -- object identifier from an Oracle arc
}
-- from RFC 5832, Section 4.2.1.12
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
KeyPurposeId ::= OBJECT IDENTIFIER
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
Note that this approach does not preclude the storage of a Trust Anchor List (as defined in RFC 5914)
which was proposed earlier on this list.
There is one omission from the webrev above: the java.security.PKCS12Attribute class needs some
additional changes and will be posted shortly.
Again, JEP-166 is on a tight schedule for M6 so your early comments are appreciated.
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20130121/7b4c63aa/attachment.htm>
More information about the security-dev
mailing list