RFR 8076190: Customizing the generation of a PKCS12 keystore

Weijun Wang weijun.wang at oracle.com
Wed Dec 12 15:57:13 UTC 2018


Thanks. Will you please also take a look at the release note at https://bugs.openjdk.java.net/browse/JDK-8215293?

--Max

> On Dec 12, 2018, at 11:01 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Looks good.
> 
> --Sean
> 
> On 12/12/18 9:40 AM, Weijun Wang wrote:
>> The latest webrev is at
>>    https://cr.openjdk.java.net/~weijun/8076190/webrev.07
>> The major change since webrev.05 is that the properties are no longer read into static fields; they are read on demand. This means they will never be read if store() is not called.
>> I've also added more test cases.
>> Thanks,
>> Max
>>> On Oct 8, 2018, at 11:26 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> CSR updated. Please review.
>>> 
>>>   https://bugs.openjdk.java.net/browse/JDK-8202590
>>> 
>>> A slightly updated webrev at
>>> 
>>>   https://cr.openjdk.java.net/~weijun/8076190/webrev.05
>>> 
>>> Thanks
>>> Max
>>> 
>>>> On Oct 3, 2018, at 12:51 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>> 
>>>> On 10/1/18 8:02 PM, Weijun Wang wrote:
>>>>> 
>>>>> 
>>>>>> On Oct 2, 2018, at 2:49 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>>>> 
>>>>>> Looks good. After you update the CSR with these changes, I can review it.
>>>>> 
>>>>> Sure.
>>>>> 
>>>>> What do you think of the following change? Shall I also add it?
>>>> 
>>>> Yes.
>>>>> 
>>>>> diff --git a/src/java.base/share/classes/java/security/KeyStore.java b/src/java.base/share/classes/java/security/KeyStore.java
>>>>> --- a/src/java.base/share/classes/java/security/KeyStore.java
>>>>> +++ b/src/java.base/share/classes/java/security/KeyStore.java
>>>>> @@ -318,7 +318,7 @@
>>>>>          * for a given keystore type is set using the
>>>>>          * {@code 'keystore.<type>.keyProtectionAlgorithm'} security property.
>>>>>          * For example, the
>>>>> -         * {@code keystore.PKCS12.keyProtectionAlgorithm} property stores the
>>>>> +         * {@code keystore.pkcs12.keyProtectionAlgorithm} property stores the
>>>>>          * name of the default key protection algorithm used for PKCS12
>>>>>          * keystores. If the security property is not set, an
>>>>>          * implementation-specific algorithm will be used.
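
Review bot: With the example on the changed line now spelled `keystore.pkcs12.keyProtectionAlgorithm`, the generic form `keystore.<type>.keyProtectionAlgorithm` two lines above it still does not say how `<type>` is cased, and the next line keeps referring to "PKCS12 keystores", so a reader who substitutes the type name as written arrives at the upper-case spelling the example has just dropped. Consider adding one sentence that states which casing of `<type>` the property name takes, so the javadoc is unambiguous without relying on the example alone.
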
>>>>> 
>>>>> Shall I add some words to this method saying we should use lowercase, or are we going to live with this lower+UPPER for every keystore type forever?
>>>> No. Let's just continue to check in the code for both variants of the above property, but remove all references to the upper-case variant from the javadocs and java.security file.
>>>> 
>>>> --Sean
>>>>> 
>>>>> If yes, there will also be some text for its compatibility risk.
>>>>> 
>>>>> Thanks
>>>>> Max
>>>>> 
>>>>>> 
>>>>>> --Sean
>>>>>> 
>>>>>> On 9/28/18 9:36 AM, Weijun Wang wrote:
>>>>>>> Webrev updated at
>>>>>>>   http://cr.openjdk.java.net/~weijun/8076190/webrev.04/
>>>>>>> Major changes:
>>>>>>> 1. Comment out key=value lines in java.security
>>>>>>> 2. Fix a bug in PBES2Parameters.java
>>>>>>> 3. Test no longer depends on openssl. Instead, use openssl to generate some pkcs12 files and include them in the test.
>>>>>>> 4. A new test KeyProtAlgCompat.java to ensure compatibility on pkcs12/PKCS12 names
>>>>>>> I haven't made any change to KeyStore.java yet. CSR is also not updated.
>>>>>>> Thanks
>>>>>>> Max
>>>>> 
>>>>> 
>>> 



