RFR: 8225181: KeyStore should have a getAttributes method

Sean Mullan mullan at openjdk.java.net
Mon Oct 25 14:40:11 UTC 2021

On Wed, 20 Oct 2021 02:08:24 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Add `KeyStore::getAttributes` so that one can get the attributes of an entry without retrieving the entry first. This is especially useful for a private key entry which can only be retrieved with a password.

src/java.base/share/classes/java/security/KeyStore.java line 1035:

> 1033:      *      not extractable (For example, if the attributes is encrypted
> 1034:      *      in a private key entry or a secret key entry).
> 1035:      *

I think this would read better if you broke it up into multiple sentences, ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the given alias does not exist, or the alias does exist but there are no attributes associated with it or the attributes are not extractable (for example, the attributes may not be extractable if they are encrypted in a private key or secret key entry)."

You may also want to add a sentence to try the `KeyStore$Entry::getAttributes` method if there are no attributes.

Did you consider throwing a KeyStoreException if they are not extractable? It would be useful to distinguish that case from an alias that has no attributes.

src/java.base/share/classes/java/security/KeyStore.java line 1038:

> 1036:      * @throws    KeyStoreException if the keystore has not been initialized
> 1037:      * (loaded).
> 1038:      *

Throw NPE if alias is null?

src/java.base/share/classes/java/security/KeyStoreSpi.java line 450:

> 448:     /**
> 449:      * Retrieves the attributes associated with the given alias.
> 450:      *

You should also document the default implementation.

src/java.base/share/classes/java/security/KeyStoreSpi.java line 457:

> 455:      */
> 456:     public Set<Entry.Attribute> engineGetAttributes(String alias) {
> 457:         return Collections.emptySet();

Would `Set.of()` be better here?


PR: https://git.openjdk.java.net/jdk/pull/6026
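
The behaviour under review, as an added example that is not part of the original message or of the JDK patch: it lists an entry's attributes without the entry password and uses `containsAlias` to separate a missing alias from an entry with no readable attributes. It assumes a JDK that includes `KeyStore.getAttributes` (18 or later); the alias, password, OID and attribute value are constructed for the demo.

```java
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.security.UnrecoverableEntryException;
import java.util.Set;
import javax.crypto.KeyGenerator;

public class GetAttributesDemo {
    public static void main(String[] args) throws Exception {
        char[] password = "demo-only".toCharArray();   // constructed value

        // Empty in-memory PKCS12 keystore holding one password-protected entry.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        // Constructed attribute: placeholder OID and value, not from the page.
        KeyStore.Entry.Attribute owner =
                new PKCS12Attribute("1.3.6.1.4.1.99999.1", "payments-team");
        ks.setEntry("api-key",
                new KeyStore.SecretKeyEntry(kg.generateKey(), Set.of(owner)),
                new KeyStore.PasswordProtection(password));

        // Retrieving the entry itself fails without the password ...
        try {
            ks.getEntry("api-key", null);
        } catch (UnrecoverableEntryException e) {
            System.out.println("getEntry without password: " + e.getMessage());
        }

        // ... but its attributes can be listed without it.
        for (KeyStore.Entry.Attribute a : ks.getAttributes("api-key")) {
            System.out.println(a.getName() + " = " + a.getValue());
        }

        // An unknown alias also yields an empty set, so check the alias first.
        describe(ks, "api-key");
        describe(ks, "no-such-alias");
    }

    static void describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            System.out.println(alias + ": alias not present");
        } else if (ks.getAttributes(alias).isEmpty()) {
            System.out.println(alias + ": present, no readable attributes");
        } else {
            System.out.println(alias + ": " + ks.getAttributes(alias).size() + " attribute(s)");
        }
    }
}
```

Whatever this call returns is readable by any code holding the loaded `KeyStore`, without the entry password.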
