RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v2]

Weijun Wang weijun at openjdk.java.net
Thu Apr 1 17:07:36 UTC 2021


On Thu, 1 Apr 2021 16:25:49 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1941:
>> 
>>> 1939:             signerFlag = true;
>>> 1940: 
>>> 1941:             if (keyStore.containsAlias(signerAlias) == false) {
>> 
>> It's probably more precise to make sure the entry is a `PrivateKeyEntry` because we have other entries like `TrustedCertificateEntry` and `SecretKeyEntry`. Or you can double check this below to ensure both `signerPrivateKey` and `signerCert` are non null.
>
> As `RecoveryKey()` will make sure that the entry exists in the keystore and is a `PrivateKeyEntry`, removed this checking and updated to check if `signerCert` is null.

Yes, it must be a private key entry. On the other hand, I think it's unnecessary to check the `signerCert`. I don't think it'll ever be null.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3281
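
The point raised in the review above, as an added example that is not part of the original message or the keytool source: an alias can exist, and even count as a key entry, without being a `PrivateKeyEntry`. The class name `SignerAliasCheck`, the helper `isUsableSigner`, the alias `secret` and the password are assumptions made for the illustration.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import javax.crypto.spec.SecretKeySpec;

public class SignerAliasCheck {

    // Hypothetical helper: true only if the alias holds a private key
    // together with a certificate, i.e. it can act as a signer.
    static boolean isUsableSigner(KeyStore ks, String alias, char[] pw)
            throws Exception {
        // Rejects missing aliases, TrustedCertificateEntry and SecretKeyEntry.
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return false;
        }
        // Double check of the two values a signer needs.
        return ks.getKey(alias, pw) instanceof PrivateKey
                && ks.getCertificate(alias) != null;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();   // constructed sample password
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                    // empty in-memory keystore

        // Constructed sample entry: an AES secret key, not a private key.
        ks.setEntry("secret",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(pw));

        // The existence check alone accepts the secret key alias.
        System.out.println("containsAlias:   " + ks.containsAlias("secret"));
        // isKeyEntry does not distinguish secret keys from private keys.
        System.out.println("isKeyEntry:      " + ks.isKeyEntry("secret"));
        // The entry-type check is the one that tells them apart.
        System.out.println("PrivateKeyEntry: "
                + ks.entryInstanceOf("secret", KeyStore.PrivateKeyEntry.class));
        // A secret key entry carries no certificate.
        System.out.println("has certificate: " + (ks.getCertificate("secret") != null));
        System.out.println("usable signer:   " + isUsableSigner(ks, "secret", pw));
        System.out.println("missing alias:   " + isUsableSigner(ks, "absent", pw));
    }
}
```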
