RFR: 8306688: Support Windows serialized keystores (SST files)

Weijun Wang weijun at openjdk.org
Tue May 30 16:27:55 UTC 2023


On Fri, 26 May 2023 21:09:35 GMT, Mat Carter <macarte at openjdk.org> wrote:

> Added ability to load keystores from SST files on Windows.  Example usage:
> 
> KeyStore keyStore = KeyStore.getInstance("Windows-SST");
> try (FileInputStream fis = new FileInputStream("mykeystore.sst")) {
>    keyStore.load(fis, null);
> }
> 
> Note that it's not limited to file streams, it can be any stream.
> 
> The feature is behind a runtime flag ("sun.security.mscapi.keyStoreSSTSupport") as the KeyStore must have an input stream, but the JCK tests assume an input stream is optional
> 
> tier1 tests for linux/macos/Windows for x86_64

If you only do (1) without (3), the user might have a false feeling that they can modify the content but persist it. Worse, because `KeyStore::store` works on an output stream, they are likely to wipe out the original SST file.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14187#issuecomment-1568728472
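
The data-loss risk raised in this reply, as an added example that is not code from the PR or from either participant: opening a FileOutputStream on the existing file truncates it before `KeyStore::store` runs, so a failing store leaves an empty file. Assumptions: `safeStore` and the file names are hypothetical, the file contents are constructed, and an unloaded PKCS12 keystore stands in for any keystore whose `store` call throws.

```java
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.KeyStore;

public class SafeKeyStoreSave {
    // Hypothetical helper: write to a sibling temp file, then swap it into place.
    // If store() throws, the target file is never opened and keeps its content.
    static void safeStore(KeyStore ks, Path target, char[] pw) throws Exception {
        Path tmp = Files.createTempFile(target.toAbsolutePath().getParent(), "ks", ".tmp");
        try {
            try (OutputStream out = Files.newOutputStream(tmp)) {
                ks.store(out, pw);
            }
            Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING,
                       StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] original = "constructed stand-in for SST bytes".getBytes();
        Path dir = Files.createTempDirectory("ksdemo");
        Path naive = Files.write(dir.resolve("naive.sst"), original);
        Path safe = Files.write(dir.resolve("safe.sst"), original);

        // Never loaded, so store() throws KeyStoreException (stand-in for a failing store).
        KeyStore ks = KeyStore.getInstance("PKCS12");

        // Naive pattern: the constructor truncates naive.sst before store() is called.
        try (FileOutputStream out = new FileOutputStream(naive.toFile())) {
            ks.store(out, null);
        } catch (Exception e) {
            System.out.println("naive store failed: " + e.getClass().getSimpleName());
        }
        // Temp-file pattern: the failure happens before safe.sst is touched.
        try {
            safeStore(ks, safe, null);
        } catch (Exception e) {
            System.out.println("safe store failed: " + e.getClass().getSimpleName());
        }
        System.out.println("naive.sst size: " + Files.size(naive));
        System.out.println("safe.sst size:  " + Files.size(safe));
    }
}
```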
