[8u] request for review: 8062552 Support keystore type detection for JKS and PKCS12 keystores
Thomas Lußnig
openjdk at suche.org
Sat May 23 08:42:17 UTC 2015
Hi,
1) Would it not be an good idea to check the first bytes of the message
so that the dual class already know what type the stream is
and there is no unnecessary instanciation of exceptions and engine class?
2) If we add an "smart" keystore why we limit it to two types? I do not
see any reason why it should not be possible to add other store types to:
- JCEKS
- PKCS11
It could be extended via securit property
java.security.smartKeystore.<N>.type = PKCS11
java.security.smartKeystore.<N>.magic = <HexSequence> (Optional for
Performance)
java.security.smartKeystore.<N>.engineClass = CanonicalEngine Class Name
This would be only an small code change but an usefull improvement.
Gruß Thomas
On 22.05.2015 22:01, Sean Mullan wrote:
> Looks fine to me.
>
> --Sean
>
> On 05/22/2015 03:10 PM, Vincent Ryan wrote:
>> Thanks Thomas and Sean for your review comments.
>>
>> KeyStoreDelegator matches the JDK 9 version. I’ve moved it to the
>> sun.security.package and modified it as suggested.
>> I also made JavaKeyStore package-private but DualFormatJKS needs to
>> remain public.
>> The cert in trusted.pem is an arbitrary X.509 cert and I’ve added a
>> comment in the TestKeystoreCompat test.
>>
>> A new webrev is available at:
>> http://cr.openjdk.java.net/~vinnie/8062552/webrev.02/
More information about the security-dev
mailing list