RFR: 8225181: KeyStore should have a getAttributes method [v3]

Sean Mullan mullan at openjdk.java.net
Thu Nov 4 13:53:16 UTC 2021


On Thu, 4 Nov 2021 13:44:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/java/security/KeyStore.java line 1027:
>> 
>>> 1025:      *
>>> 1026:      * @implSpec
>>> 1027:      * The default implementation returns an empty {@code Set}.
>> 
>> Would it make more sense for the default impl to throw `UnsupportedOperationException` or maybe call `getEntry(alias, null)`? Otherwise, an application cannot know the difference between an alias that has no attributes and an alias that has attributes but is from a `KeyStore` impl that has not overridden the corresponding Spi method.
>
> The one benefit I can think of to throw a UOE is that the caller can fall back to `getEntry(...).getAttributes()` when an exception is thrown. However, as far as I know, our PKCS12KeyStore is the only KeyStore implementation that has made use of attributes. Therefore it's still not late for another implementation to start supporting both at the same time. For most of the KeyStore implementations, both `ks.getAttributes()` and `ks.getEntry(...).getAttributes()` returning empty seems more consistent.

But we could just override those other implementations to always return an empty Set. I would prefer if an application could distinguish between these two cases w/o knowing whether the underlying implementation supports attributes or not.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6026
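
The ambiguity discussed in this thread can be seen today through the existing `getEntry(...).getAttributes()` path. The following is an added example, not code from the thread or from the OpenJDK change. It assumes the stock JDK providers, with JCEKS standing in for a keystore type that does not persist entry attributes; the class name, alias, password, key bytes and attribute OID are constructed for illustration.

```java
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;

public class AttributeAmbiguity {
    // Constructed sample attribute: arbitrary OID and value, for illustration only.
    static final KeyStore.Entry.Attribute SAMPLE =
            new PKCS12Attribute("1.2.3.4.5", "demo");

    // Stores one AES key (constructed all-zero bytes) under alias "k" in a fresh
    // in-memory keystore of the given type, then reads the entry's attributes back.
    static Set<KeyStore.Entry.Attribute> roundTrip(
            String type, Set<KeyStore.Entry.Attribute> attrs) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        KeyStore.ProtectionParameter prot =
                new KeyStore.PasswordProtection("changeit".toCharArray());
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        ks.setEntry("k", new KeyStore.SecretKeyEntry(key, attrs), prot);
        return ks.getEntry("k", prot).getAttributes();
    }

    public static void main(String[] args) throws Exception {
        Set<KeyStore.Entry.Attribute> none = Set.of();
        Set<KeyStore.Entry.Attribute> one = Set.of(SAMPLE);

        // PKCS12 stores attributes, so the caller-supplied one comes back.
        System.out.println("PKCS12 keeps sample: "
                + roundTrip("PKCS12", one).contains(SAMPLE));

        // Assumed behaviour of a type without attribute support: the same
        // result whether or not the caller supplied attributes, so an empty
        // Set alone does not say which of the two cases applies.
        System.out.println("JCEKS, attrs given:  " + roundTrip("JCEKS", one));
        System.out.println("JCEKS, none given:   " + roundTrip("JCEKS", none));
    }
}
```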


