[8] code review for 8006951: Avoid storing duplicate PKCS12 attributes

Vincent Ryan vincent.x.ryan at oracle.com
Fri Jan 25 17:59:38 UTC 2013


On 25/01/2013 17:20, Sean Mullan wrote:
> On 01/25/2013 12:05 PM, Vincent Ryan wrote:
>> Sure. Three safeBag attributes require special handling by the PKCS12
>> keystore: friendlyName, localKeyId and trustedKeyUsage. The friendlyName
>> is used as the keystore entry alias, localKeyId is used to match private
>> keys to their associated certificates, and trustedKeyUsage, to identify
>> trusted certificates.
>>
>> When loading a PKCS12 keystore these 3 attributes are added to the
>> collection of entry attributes.
>> When storing a PKCS12 keystore these 3 attributes should be removed
>> from the collection of entry attributes because they are handled
>> separately.
>
> Can the 3 attributes change at all since you have loaded them?

Good point. I'll have to address that issue later.


>
>> The fix prevents these 3 attributes from being duplicated when storing
>> a PKCS12 keystore.
>
> Ok, I am ok with the fix then. I think a better fix when you have more
> time is to separate the logic of storing an existing entry that already
> has these 3 attributes from a brand new entry where you want to add
> these 3 new attributes.

Right. I wanted to change as little code as possible at this stage in
M6.


>
> --Sean
>
>>
>>
>>
>> On 25 Jan 2013, at 16:41, Sean Mullan wrote:
>>
>>> Can you explain a bit more what use-case is causing this failure? I
>>> don't quite understand why you are ignoring the attributes that are
>>> already in the KeyStore.Entry.
>>>
>>> --Sean
>>>
>>> On 01/25/2013 10:37 AM, Vincent Ryan wrote:
>>>> Please review this fix to correct a failing PKCS12 test:
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8006951/webrev.00/
>>>>
>>>> Thanks.
>>>
>>
>
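
The duplication discussed in this thread, modeled as an added Java example (not the webrev's code and not the JDK's implementation). The helpers `writtenOids` and `duplicates`, the assumption that a private-key entry gets friendlyName and localKeyId written by the keystore itself, and the sample attribute values (including the OID `1.2.3.4.5`) are constructed for illustration.

```java
import java.security.KeyStore.Entry.Attribute;
import java.security.PKCS12Attribute;
import java.util.*;

public class SafeBagAttributeDemo {
    // OIDs of the three attributes the PKCS12 keystore handles itself.
    static final String FRIENDLY_NAME = "1.2.840.113549.1.9.20";
    static final String LOCAL_KEY_ID = "1.2.840.113549.1.9.21";
    static final String TRUSTED_KEY_USAGE = "2.16.840.1.113894.746875.1.1";
    static final Set<String> HANDLED =
        Set.of(FRIENDLY_NAME, LOCAL_KEY_ID, TRUSTED_KEY_USAGE);

    // Hypothetical model of the store path: the attribute OIDs that end up
    // in one safeBag, in write order.
    static List<String> writtenOids(Set<Attribute> entryAttrs, boolean skipHandled) {
        List<String> oids = new ArrayList<>();
        oids.add(FRIENDLY_NAME);   // written from the entry alias
        oids.add(LOCAL_KEY_ID);    // written from the key/certificate match
        for (Attribute a : entryAttrs) {
            if (skipHandled && HANDLED.contains(a.getName())) {
                continue;          // handled separately, do not write again
            }
            oids.add(a.getName());
        }
        return oids;
    }

    // OIDs that occur more than once in a safeBag's attribute list.
    static Set<String> duplicates(List<String> oids) {
        Set<String> seen = new HashSet<>();
        Set<String> dups = new TreeSet<>();
        for (String oid : oids) {
            if (!seen.add(oid)) dups.add(oid);
        }
        return dups;
    }

    public static void main(String[] args) {
        // Constructed sample: attributes of a private-key entry after load.
        Set<Attribute> loaded = new LinkedHashSet<>();
        loaded.add(new PKCS12Attribute(FRIENDLY_NAME, "mykey"));
        loaded.add(new PKCS12Attribute(LOCAL_KEY_ID, "54:69:6D:65"));
        loaded.add(new PKCS12Attribute("1.2.3.4.5", "custom")); // constructed OID

        System.out.println("unfiltered: " + duplicates(writtenOids(loaded, false)));
        System.out.println("filtered:   " + duplicates(writtenOids(loaded, true)));
    }
}
```

The same `duplicates` check can be pointed at the attribute names returned by `KeyStore.Entry.getAttributes()` after a store-and-reload round trip to confirm that none of the three handled OIDs comes back twice.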



