[9] RFR 8163503: PKCS12 keystore cannot store non-X.509 certificates
Vincent Ryan
vincent.x.ryan at oracle.com
Wed Aug 10 16:39:36 UTC 2016
You’re right. This same issue had been reported as an obscure JCK test failure.
I created this new bug to clarify the issue.
I’ve updated the webrev to include your suggestion:
http://cr.openjdk.java.net/~vinnie/8163503/webrev.01/
Thanks.
> On 10 Aug 2016, at 01:38, Weijun Wang <weijun.wang at oracle.com> wrote:
>
> I thought I've seen this webrev before.
>
> Why not just throw a KeyStoreException in validateChain()?
>
> --Max
>
> On 8/10/2016 2:14, Vincent Ryan wrote:
>> Please review this fix to improve the error handling for attempts to store a Certificate object in PKCS12 keystore.
>> The PKCS12 keystore implementation supports storing only X509Certificate objects but the KeyStore API allows Certificate objects.
>> This fix rejects attempts to store non-X.509 certificates and throws a KeyStoreException.
>>
>> Thanks.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8163503
>> Webrev: http://cr.openjdk.java.net/~vinnie/8163503/webrev.00/
>>
>>
More information about the security-dev
mailing list