[9] RFR 8163503: PKCS12 keystore cannot store non-X.509 certificates
Seán Coffey
sean.coffey at oracle.com
Wed Aug 10 16:43:52 UTC 2016
Looks good. Thanks.
Regards,
Sean.
On 10/08/16 17:39, Vincent Ryan wrote:
> I’ve updated the webrev to include your suggestion:
> http://cr.openjdk.java.net/~vinnie/8163503/webrev.01/
>
> Thanks.
>
>> On 10 Aug 2016, at 10:59, Seán Coffey <sean.coffey at oracle.com> wrote:
>>
>> It would be good if we can print the cert class type in the new exception if the instanceof check fails.
>>
>> Regards,
>> Sean.
>>
>> On 09/08/16 19:14, Vincent Ryan wrote:
>>> Please review this fix to improve the error handling for attempts to store a Certificate object in PKCS12 keystore.
>>> The PKCS12 keystore implementation supports storing only X509Certificate objects but the KeyStore API allows Certificate objects.
>>> This fix rejects attempts to store non-X.509 certificates and throws a KeyStoreException.
>>>
>>> Thanks.
>>>
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8163503
>>> Webrev: http://cr.openjdk.java.net/~vinnie/8163503/webrev.00/
>>>
>>>
More information about the security-dev
mailing list