RFR: 8225181: KeyStore should have a getAttributes method

Weijun Wang weijun at openjdk.java.net
Tue Oct 26 15:39:11 UTC 2021


On Mon, 25 Oct 2021 14:34:57 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry without retrieving the entry first. This is especially useful for a private key entry which can only be retrieved with a password.
>
> src/java.base/share/classes/java/security/KeyStore.java line 1035:
> 
>> 1033:      *      not extractable (For example, if the attributes is encrypted
>> 1034:      *      in a private key entry or a secret key entry).
>> 1035:      *
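Review bot: On line 1033, "if the attributes is encrypted" has a subject-verb disagreement, and the parenthetical opens with a capitalised "For example" in the middle of a sentence. Suggest "(for example, if the attributes are encrypted in a private key entry or a secret key entry)".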
> 
> I think this would read better if you broke it up into multiple sentences, ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the given alias does not exist, or the alias does exist but there are no attributes associated with it or the attributes are not extractable (for example, the attributes may not be extractable if they are encrypted in a private key or secret key entry)."
> 
> You may also want to add a sentence to try the `KeyStore$Entry::getAttributes` method if there are no attributes.
> 
> Did you consider throwing a KeyStoreException if they are not extractable? It would be useful to distinguish that case from an alias that has no attributes.

This is complicated. Theoretically a KeyStore implementation can store some attributes in clear text and some encrypted, and it's probably not possible to know if there exist any encrypted ones before actually decrypting the entry. Maybe I should say "For a PrivateKeyEntry or SecretKeyEntry, some attributes might only be available after the entry is extracted by the getEntry() method. Try calling the entry's getAttributes() method to see if there are any".

> src/java.base/share/classes/java/security/KeyStoreSpi.java line 450:
> 
>> 448:     /**
>> 449:      * Retrieves the attributes associated with the given alias.
>> 450:      *
> 
> You should also document the default implementation.

OK.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6026
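
The lookup order discussed in this thread, as an added example that is not code from the PR: read attributes without a password first, and decrypt the entry only if nothing was visible. It assumes a JDK that includes `KeyStore::getAttributes` (JDK 18 or later); the class name, alias, password and attribute OID are constructed for illustration.

```java
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class AttributeLookup {

    // Returns the attributes readable without the entry password. Only when
    // none are visible, the alias is a key entry, and a password is supplied
    // does it decrypt the entry and ask the entry itself.
    static Set<KeyStore.Entry.Attribute> attributesOf(
            KeyStore ks, String alias, char[] password) throws Exception {
        Set<KeyStore.Entry.Attribute> attrs = ks.getAttributes(alias);
        if (!attrs.isEmpty() || password == null || !ks.isKeyEntry(alias)) {
            // An empty set here may mean "no such alias", "no attributes",
            // or "attributes not extractable"; the API does not say which.
            return attrs;
        }
        KeyStore.Entry entry =
                ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        return entry.getAttributes();
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray();      // constructed value
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                             // empty in-memory store

        // Constructed entry: an AES key tagged with a made-up private-arc OID.
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        Set<KeyStore.Entry.Attribute> tag =
                Set.of(new PKCS12Attribute("1.3.6.1.4.1.99999.1", "demo"));
        ks.setEntry("demo-key", new KeyStore.SecretKeyEntry(key, tag),
                new KeyStore.PasswordProtection(password));

        // No password supplied: only what the store exposes directly.
        System.out.println(attributesOf(ks, "demo-key", null));
        // Password supplied: falls back to the decrypted entry if needed.
        System.out.println(attributesOf(ks, "demo-key", password));
        // Unknown alias: empty set, no exception.
        System.out.println(attributesOf(ks, "missing", password));
    }
}
```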


