RFR 8076190: Customizing the generation of a PKCS12 keystore

Weijun Wang weijun.wang at oracle.com
Mon Oct 8 15:26:24 UTC 2018 

CSR updated. Please take a review.

   https://bugs.openjdk.java.net/browse/JDK-8202590

A slightly updated webrev at

   https://cr.openjdk.java.net/~weijun/8076190/webrev.05

Thanks
Max

> On Oct 3, 2018, at 12:51 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 10/1/18 8:02 PM, Weijun Wang wrote:
>> 
>> 
>>> On Oct 2, 2018, at 2:49 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>> 
>>> Looks good. After you update the CSR with these changes, I can review it.
>> 
>> Sure.
>> 
>> How do you think of the following change? Shall I also add it?
> 
> Yes.
>> 
>> diff --git a/src/java.base/share/classes/java/security/KeyStore.java b/src/java.base/share/classes/java/security/KeyStore.java
>> --- a/src/java.base/share/classes/java/security/KeyStore.java
>> +++ b/src/java.base/share/classes/java/security/KeyStore.java
>> @@ -318,7 +318,7 @@
>>           * for a given keystore type is set using the
>>           * {@code 'keystore.<type>.keyProtectionAlgorithm'} security property.
>>           * For example, the
>> -         * {@code keystore.PKCS12.keyProtectionAlgorithm} property stores the
>> +         * {@code keystore.pkcs12.keyProtectionAlgorithm} property stores the
>>           * name of the default key protection algorithm used for PKCS12
>>           * keystores. If the security property is not set, an
>>           * implementation-specific algorithm will be used.
>> 
>> Shall I add some word to this method saying we should use lowercase or are we going to live with this lower+UPPER for every keystore type forever?
> No. Let's just continue to check in the code for both variants of the above property, but remove all references to the upper-case variant from the javadocs and java.security file.
> 
> --Sean
>> 
>> If yes, there will also be some text for its compatibility risk.
>> 
>> Thanks
>> Max
>> 
>>> 
>>> --Sean
>>> 
>>> On 9/28/18 9:36 AM, Weijun Wang wrote:
>>>> Webrev updated at
>>>>    http://cr.openjdk.java.net/~weijun/8076190/webrev.04/
>>>> Major changes:
>>>> 1. Comment out key=value lines in java.security
>>>> 2. Fix a bug in PBES2Parameters.java
>>>> 3. Test no longer depends on openssl. Instead, use openssl to generate some pkcs12 files and included in the test.
>>>> 4. A new test KeyProtAlgCompat.java to ensure compatibility on pkcs12/PKCS12 names
>>>> I haven't made any change to KeyStore.java yet. CSR is also not updated.
>>>> Thanks
>>>> Max
>> 
>>

More information about the security-dev mailing list