[8] Code review request for 8005408: KeyStore API enhancements

Vincent Ryan vincent.x.ryan at oracle.com
Tue Jan 22 17:11:03 UTC 2013


Correct. 
Thanks.

On 22 Jan 2013, at 16:50, Sean Mullan wrote:

> More comments:
> 
> KeyStore.java
> 
> [551, 670, 753] Needs to make a copy (clone) according to javadoc, so should be:
> 
> this.attributes = Collections.unmodifiableSet(new HashSet<>(attributes));
> 
> --Sean
> 
> On 01/22/2013 11:24 AM, Sean Mullan wrote:
>> Comments so far, will send more as I review more:
>> 
>> AlgorithmId.java
>> 
>> * Update copyright
>> 
>> KeyStore.java
>> 
>> [296] I think you want to say:
>> 
>> If none was set then null is returned.
>> 
>> As I understand it, if none is set, then the KeyStore provider will use
>> a default algorithm as specified by the Security property. This needs to
>> be made clearer in the javadoc, as it reads it says it returns the value
>> of this property, which is not possible since this class doesn't know
>> what keystore type is being used at this point.
>> 
>> [304] specify that null can be returned -
>> 
>> @return the algorithm name, or null if none was set
>> 
>> --Sean
>> 
>> 
>> On 01/21/2013 07:18 PM, Vincent Ryan wrote:
>>> 
>>> Updated webrev to include java.security.PKCS12Attribute:
>>>   http://cr.openjdk.java.net/~vinnie/8005408/webrev.01/
>>> 
>>> 
>>> 
>>> On 21/01/2013 15:18, Vincent Ryan wrote:
>>>> Hello,
>>>> 
>>>> Please review the fix for 8005408. It adds support for associating
>>>> attributes with keystore entries.
>>>> It is yet another component of the JEP-166 delivery.
>>>> 
>>>> This new API permits several enhancements to the PKCS12 keystore
>>>> implementation: the storage of
>>>> trusted certificates, storage of secret keys and support for entry
>>>> metadata. Currently, only the
>>>> PKCS12 keystore takes advantage of these new KeyStore APIs.
>>>> 
>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8005408/webrev.00/
>>>> 
>>>> 
>>>> For storing trusted certificates in PKCS12 a new SafeBag attribute (with
>>>> a familiar syntax) is introduced
>>>> to indicate a trust usage:
>>>> 
>>>> |trustedKeyUsage ATTRIBUTE ::= {|
>>>> |||WITH SYNTAX ExtKeyUsageSyntax|
>>>> |||ID id-at-trustedKeyUsage  -- object identifier from an Oracle arc|
>>>> |}|
>>>> |-- from RFC ||5832||, Section ||4.2||.||1.12|
>>>> |||ExtKeyUsageSyntax ::= SEQUENCE SIZE (||1||..MAX) OF KeyPurposeId|
>>>> |||KeyPurposeId ::= OBJECT IDENTIFIER|
>>>> |||anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage ||0|
>>>> |}|
>>>> 
>>>> Note that this approach does not preclude the storage of a Trust Anchor
>>>> List (as defined in RFC 5914)
>>>> which was proposed earlier on this list.
>>>> 
>>>> 
>>>> There is one omission from the webrev above: the
>>>> java.security.PKCS12Attribute class needs some
>>>> additional changes and will be posted shortly.
>>>> 
>>>> Again, JEP-166 is on a tight schedule for M6 so your early comments are
>>>> appreciated.
>>>> 
>>>> Thanks.
>>> 
>> 
> 




More information about the security-dev mailing list