RFR: 8225181: KeyStore should have a getAttributes method

Sean Mullan mullan at openjdk.java.net
Wed Oct 27 19:43:15 UTC 2021


On Tue, 26 Oct 2021 15:35:40 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/java/security/KeyStore.java line 1035:
>> 
>>> 1033:      *      not extractable (For example, if the attributes is encrypted
>>> 1034:      *      in a private key entry or a secret key entry).
>>> 1035:      *
>> 
>> I think this would read better if you broke it up into multiple sentences, ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the given alias does not exist, or the alias does exist but there are no attributes associated with it or the attributes are not extractable (for example, the attributes may not be extractable if they are encrypted in a private key or secret key entry)."
>> 
>> You may also want to add a sentence to try the `KeyStore$Entry::getAttributes` method if there are no attributes.
>> 
>> Did you consider throwing a KeyStoreException if they are not extractable? It would be useful to distinguish that case from an alias that has no attributes.
>
> This is complicated. Theoretically a KeyStore implementation can store some attributes in clear text and some encrypted, and it's probably not possible to know if there exist any encrypted ones before actually decrypting the entry. Maybe I should say "For a PrivateKeyEntry or SecretKeyEntry, some attributes might only be available after the entry is extracted by the getEntry() method. Try calling the entry's getAttributes() method to see if there are any".

Yes, a sentence like that would help. Some suggested tweaks: "For a PrivateKeyEntry or SecretKeyEntry, some attributes may be protected and not available unless the entry is first extracted by the getEntry() method."

I don't think you need the last sentence.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6026
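The point Sean and Weijun are discussing (that a `KeyStore.getAttributes(alias)` call may come back empty even though the entry does carry attributes, so callers should fall back to `getEntry()` and the entry's own `getAttributes()`) can be shown with a short program. This is an added example, not code from the PR or from the JDK; it assumes a JDK that already includes the `KeyStore.getAttributes(String)` method this PR adds (JDK 18 or later). The OID `1.3.6.1.4.1.99999.1`, the all-zero AES key and the password are constructed demo values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreAttributesDemo {

    // Constructed sample values (not from the PR): a placeholder OID under the
    // private-enterprise arc and a throwaway demo password. A real application
    // would use its own registered OID and a properly sourced password.
    private static final String DEMO_ATTR_OID = "1.3.6.1.4.1.99999.1";
    private static final char[] PASSWORD = "changeit".toCharArray();
    private static final String ALIAS = "demo-secret";

    /**
     * Returns the attributes for an alias, using the strategy suggested in the
     * review thread: ask the KeyStore first (JDK-8225181's getAttributes), and if
     * that set is empty, extract the entry with its protection parameter and ask
     * the entry itself, since some attributes are only reachable that way.
     */
    public static Set<KeyStore.Entry.Attribute> attributesOf(KeyStore ks, String alias,
            KeyStore.ProtectionParameter prot) throws Exception {
        Set<KeyStore.Entry.Attribute> attrs = ks.getAttributes(alias);
        if (!attrs.isEmpty()) {
            return attrs;
        }
        KeyStore.Entry entry = ks.getEntry(alias, prot);
        return entry == null ? attrs : entry.getAttributes();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory keystore

        // Constructed demo key: 16 zero bytes labelled as AES. Never use such a key for real data.
        SecretKey key = new SecretKeySpec(new byte[16], "AES");
        Set<KeyStore.Entry.Attribute> attrs =
                Set.of(new PKCS12Attribute(DEMO_ATTR_OID, "demo-value"));
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(PASSWORD);
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(key, attrs), prot);

        // Round-trip through the serialized PKCS#12 bytes so the attributes are
        // read back from the stored form rather than from the in-memory entry.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PASSWORD);
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), PASSWORD);

        for (KeyStore.Entry.Attribute a : attributesOf(reloaded, ALIAS, prot)) {
            System.out.println(a.getName() + " = " + a.getValue());
        }
    }
}
```

The fallback in `attributesOf` is the behaviour the thread settles on documenting: an empty result from `KeyStore.getAttributes` does not by itself mean the entry has no attributes, only that none were available without extracting the entry, so code that needs a definitive answer for a `PrivateKeyEntry` or `SecretKeyEntry` should call `getEntry()` with the right `ProtectionParameter` and inspect the returned entry.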


