RFR: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries

Weijun Wang weijun at openjdk.org
Fri May 5 22:56:13 UTC 2023


On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> Could someone help review this PKCS11KeyStore fix regarding the cert chain removal?
> 
> The proposed fix will not remove the cert if it has a corresponding private key or is an issuer of other entities in the same keystore.
> 
> Thanks,
> Valerie

It's your decision. My point is that PEM data files, although in text mode, are still binary data and not human readable. You probably need some explanation on how to recreate them and that is equivalent to adding several `keytool` calls inside the test. 

Yes, I understand with the key generation calls the test will run much slower.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13743#issuecomment-1536869563


More information about the security-dev mailing list