RFR: 8301154: SunPKCS11 KeyStore deleteEntry results in dangling PrivateKey entries [v2]
Hai-May Chao
hchao at openjdk.org
Fri May 12 17:53:47 UTC 2023
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private key or is an issuer of other entities in the same keystore.
>>
>> Thanks,
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> Changed to use keytool to generate keypairs instead of importing from
> data files.
Marked as reviewed by hchao (Committer).
Changes look good to me. Nice to add the cert chain (i.e. root/ca1/pk1) to the test case. The raw file `temp.ks` is shown in the webrev (to be created by the test), so will not be part of the integration, right?
-------------
PR Review: https://git.openjdk.org/jdk/pull/13743#pullrequestreview-1424933567
PR Comment: https://git.openjdk.org/jdk/pull/13743#issuecomment-1546085439
More information about the security-dev
mailing list