RFR 8076190: Customizing the generation of a PKCS12 keystore
Sean Mullan
sean.mullan at oracle.com
Tue Oct 2 16:51:50 UTC 2018
On 10/1/18 8:02 PM, Weijun Wang wrote:
>
>
>> On Oct 2, 2018, at 2:49 AM, Sean Mullan <sean.mullan at oracle.com
>> <mailto:sean.mullan at oracle.com>> wrote:
>>
>> Looks good. After you update the CSR with these changes, I can review it.
>
> Sure.
>
> How do you think of the following change? Shall I also add it?
Yes.
>
> *diff --git a/src/java.base/share/classes/java/security/KeyStore.java
> b/src/java.base/share/classes/java/security/KeyStore.java*
> *--- a/src/java.base/share/classes/java/security/KeyStore.java*
> *+++ b/src/java.base/share/classes/java/security/KeyStore.java*
> @@ -318,7 +318,7 @@
> * for a given keystore type is set using the
> * {@code 'keystore.<type>.keyProtectionAlgorithm'} security
> property.
> * For example, the
> - * {@code keystore.PKCS12.keyProtectionAlgorithm} property
> stores the
> + * {@code keystore.pkcs12.keyProtectionAlgorithm} property
> stores the
> * name of the default key protection algorithm used for PKCS12
> * keystores. If the security property is not set, an
> * implementation-specific algorithm will be used.
>
> Shall I add some word to this method saying we should use lowercase or
> are we going to live with this lower+UPPER for every keystore type
> forever?
No. Let's just continue to check in the code for both variants of the
above property, but remove all references to the upper-case variant from
the javadocs and java.security file.
--Sean
>
> If yes, there will also be some text for its compatibility risk.
>
> Thanks
> Max
>
>>
>> --Sean
>>
>> On 9/28/18 9:36 AM, Weijun Wang wrote:
>>> Webrev updated at
>>> http://cr.openjdk.java.net/~weijun/8076190/webrev.04/
>>> <http://cr.openjdk.java.net/%7Eweijun/8076190/webrev.04/>
>>> Major changes:
>>> 1. Comment out key=value lines in java.security
>>> 2. Fix a bug in PBES2Parameters.java
>>> 3. Test no longer depends on openssl. Instead, use openssl to
>>> generate some pkcs12 files and included in the test.
>>> 4. A new test KeyProtAlgCompat.java to ensure compatibility on
>>> pkcs12/PKCS12 names
>>> I haven't made any change to KeyStore.java yet. CSR is also not updated.
>>> Thanks
>>> Max
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20181002/43ffe2f6/attachment.htm>
More information about the security-dev
mailing list