RFR: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries

Hai-May Chao hchao at openjdk.org
Fri May 5 20:51:19 UTC 2023


On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> Could someone help review this PKCS11KeyStore fix regarding the cert chain removal?
> 
> The proposed fix will not remove the cert if it has a corresponding private key or is an issuer of other entities in the same keystore.
> 
> Thanks,
> Valerie

As Max pointed out to use SecurityTools.keytool to generate keys/certs, I'd like to suggest using it to add a test case for pk1->pk2->ca, to test when deleting an intermediate cert.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13743#issuecomment-1536764393



More information about the security-dev mailing list