Add ToolProvider interface implementation keytool
Wojtek
wojtek at unir.se
Tue May 7 10:16:32 UTC 2024
Hello,
Move to strongly encapsulate JDK internals (i.e. JEP-403 and 396) affected access to generating
self-signed certificates. JEP itself states:
> Code that uses the sun.security.tools.keytool.CertAndKeyGen class to generate self-signed
certificates. There is not yet a standard API for this functionality (though a request has been
submitted [1]); in the mean time, developers can use existing third-party libraries that include
this functionality.
However, linked issue [1] was just closed with "wontfix" status:
> Closing as "Won't Fix". We have no plans to provide APIs for creating certificates. The "keytool
-gencert" option can be used to create certificates and is the only mechanism that we will support.
While using 'keytool' can be OK, it was brought to my attention existence of
`java.util.spi.ToolProvider` interface that would help avoid starting new VM.
Would it be possible/could be considered to add implementation of ToolProvider to the `keytool`?
[1] https://bugs.openjdk.java.net/browse/JDK-8058778
--
Wojtek
More information about the security-dev
mailing list