[8] code review for 8006951: Avoid storing duplicate PKCS12 attributes

Sean Mullan sean.mullan at oracle.com
Fri Jan 25 17:20:24 UTC 2013


On 01/25/2013 12:05 PM, Vincent Ryan wrote:
> Sure. Three safeBag attributes require special handling by the PKCS12 keystore: friendlyName,
> localKeyId and trustedKeyUsage. The friendlyName is used as the keystore entry alias, localKeyId
> is used to match private keys to their associated certificates, and trustedKeyUsage, to identify
> trusted certificates.
>
> When loading a PKCS12 keystore these 3 attributes are added to the collection of entry attributes.
> When storing a PKCS12 keystore these 3 attributes should be removed from the collection of
> entry attributes because they are handled separately.

Can the 3 attributes change at all since you have loaded them?

> The fix prevents these 3 attributes from being duplicated when storing a PKCS12 keystore.

Ok, I am ok with the fix then. I think a better fix when you have more 
time is to separate the logic of storing an existing entry that already 
has these 3 attributes from a brand new entry where you want to add 
these 3 new attributes.

--Sean

>
>
>
> On 25 Jan 2013, at 16:41, Sean Mullan wrote:
>
>> Can you explain a bit more what use-case is causing this failure? I don't quite understand why you are ignoring the attributes that are already in the KeyStore.Entry.
>>
>> --Sean
>>
>> On 01/25/2013 10:37 AM, Vincent Ryan wrote:
>>> Please review this fix to correct a failing PKCS12 test:
>>>
>>> Webrev: http://cr.openjdk.java.net/~vinnie/8006951/webrev.00/
>>>
>>> Thanks.
>>
>



