RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v2]
Weijun Wang
weijun at openjdk.java.net
Thu Apr 1 17:07:36 UTC 2021
On Thu, 1 Apr 2021 16:25:49 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1941:
>>
>>> 1939: signerFlag = true;
>>> 1940:
>>> 1941: if (keyStore.containsAlias(signerAlias) == false) {
>>
>> It's probably more precise to make sure the entry is a `PrivateKeyEntry` because we have other entries like `TrustedCertificateEntry` and `SecretKeyEntry`. Or you can double check this below to ensure both `signerPrivateKey` and `signerCert` are non-null.
>
> As `RecoveryKey()` will make sure that the entry exists in the keystore and is a `PrivateKeyEntry`, removed this check and updated to check whether `signerCert` is null.
Yes, it must be a private key entry. On the other hand, I think it's unnecessary to check the `signerCert`. I don't think it'll ever be null.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3281
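
The distinction raised in this review, shown as an added example that is not part of the original message or of the keytool source: `containsAlias` only proves that some entry exists, so an alias holding a `SecretKeyEntry` passes it even though it cannot act as a signer. The class name, the helper `rejectReason`, the alias names and the password are hypothetical.

```java
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SignerAliasCheck {

    // Hypothetical helper: returns null when the alias can be used as a
    // signer, otherwise the reason it is rejected.
    static String rejectReason(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not found";
        }
        // containsAlias() is also true for TrustedCertificateEntry and
        // SecretKeyEntry, so the entry type has to be checked explicitly.
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return "alias exists but is not a PrivateKeyEntry";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // constructed sample password

        // Empty in-memory PKCS12 keystore, nothing is read from disk.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);

        // Constructed sample entry: an AES key stored as a SecretKeyEntry.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        ks.setEntry("aeskey", new KeyStore.SecretKeyEntry(aes),
                new KeyStore.PasswordProtection(pass));

        // Both existence-style checks accept the secret key entry...
        System.out.println("containsAlias: " + ks.containsAlias("aeskey"));
        System.out.println("isKeyEntry:    " + ks.isKeyEntry("aeskey"));

        // ...while the type check rejects it as a signer.
        System.out.println("aeskey:  " + rejectReason(ks, "aeskey"));
        System.out.println("missing: " + rejectReason(ks, "missing"));
    }
}
```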