RFR 8215776: Keytool importkeystore may mix up certificate chain entries when DNs conflict

Xuelei Fan xuelei.fan at oracle.com
Wed Jan 16 17:49:43 UTC 2019


Hi Max,

I did not look into the detailed implementation of findIssuer() yet. 
Have you considered to use java.security.cert.X509CertSelector?

Thanks,
Xuelei

On 1/9/2019 6:59 AM, Weijun Wang wrote:
> Please take a review at
> 
>    https://cr.openjdk.java.net/~weijun/8215776/webrev.00/
> 
> PKCS12KeyStore now can find certificate issuers more precisely using SubjectKeyIdentifier and AuthorityKeyIdentifier. I thought about using CertPath builder or checking signatures but those changes are too much.
> 
> Thanks,
> Max
> 



More information about the security-dev mailing list