[8] Code review request for 8005408: KeyStore API enhancements
Vincent Ryan
vincent.x.ryan at oracle.com
Tue Jan 22 00:18:45 UTC 2013
Updated webrev to include java.security.PKCS12Attribute:
http://cr.openjdk.java.net/~vinnie/8005408/webrev.01/
On 21/01/2013 15:18, Vincent Ryan wrote:
> Hello,
>
> Please review the fix for 8005408. It adds support for associating
> attributes with keystore entries.
> It is yet another component of the JEP-166 delivery.
>
> This new API permits several enhancements to the PKCS12 keystore
> implementation: the storage of trusted certificates, storage of secret
> keys and support for entry metadata. Currently, only the PKCS12 keystore
> takes advantage of these new KeyStore APIs.
>
> Webrev: http://cr.openjdk.java.net/~vinnie/8005408/webrev.00/
>
>
> For storing trusted certificates in PKCS12 a new SafeBag attribute (with
> a familiar syntax) is introduced to indicate a trust usage:
>
> trustedKeyUsage ATTRIBUTE ::= {
>     WITH SYNTAX ExtKeyUsageSyntax
>     ID id-at-trustedKeyUsage -- object identifier from an Oracle arc
> }
> -- from RFC 5832, Section 4.2.1.12
>     ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
>     KeyPurposeId ::= OBJECT IDENTIFIER
>     anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
>
> Note that this approach does not preclude the storage of a Trust Anchor
> List (as defined in RFC 5914) which was proposed earlier on this list.
>
>
> There is one omission from the webrev above: the
> java.security.PKCS12Attribute class needs some additional changes and
> will be posted shortly.
>
> Again, JEP-166 is on a tight schedule for M6 so your early comments are
> appreciated.
>
> Thanks.
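
The entry-attribute round trip described in the message above, as an added example that is not part of the original post or the webrev. It assumes the API as it exists in released JDK 8 (`java.security.PKCS12Attribute`, `KeyStore.Entry.getAttributes()`), which may differ from the reviewed revision; the OID, alias, password and attribute value are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.util.Collections;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class EntryAttributeDemo {
    // Constructed OID for illustration only; not an identifier from the webrev.
    static final String DEMO_OID = "1.3.6.1.4.1.99999.1";

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample password
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(password);

        // A secret key: one of the entry types the message says PKCS12 can now hold.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Entry metadata: a single attribute, named by OID, with a string value.
        Set<KeyStore.Entry.Attribute> attrs =
            Collections.<KeyStore.Entry.Attribute>singleton(
                new PKCS12Attribute(DEMO_OID, "demo-metadata"));

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory keystore
        ks.setEntry("demo-key", new KeyStore.SecretKeyEntry(key, attrs), prot);

        // Serialize and reload so the attribute is read back from the
        // PKCS12 encoding rather than from the in-memory object.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);

        // The keystore may add its own attributes (for example a friendly
        // name) alongside the one supplied above, so list them all.
        KeyStore.Entry entry = reloaded.getEntry("demo-key", prot);
        for (KeyStore.Entry.Attribute a : entry.getAttributes()) {
            String tag = DEMO_OID.equals(a.getName()) ? "  <- supplied above" : "";
            System.out.println(a.getName() + " = " + a.getValue() + tag);
        }
    }
}
```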