Add ToolProvider interface implementation keytool

Wei-Jun Wang weijun.wang at oracle.com
Tue May 7 11:33:08 UTC 2024


We had a proposal for this at https://bugs.openjdk.org/browse/JDK-6539136 and it's also withdrawn. I've added some comments to it. Keytool is quite different from other tools because it's interactive and involves keystore and passwords.

Thanks,
Weijun

> On May 7, 2024, at 6:16 AM, Wojtek <wojtek at unir.se> wrote:
> 
> Hello,
> The move to strongly encapsulate JDK internals (i.e. JEP-403 and 396) affected access to generating self-signed certificates. The JEP itself states:
> 
> > Code that uses the sun.security.tools.keytool.CertAndKeyGen class to generate self-signed certificates. There is not yet a standard API for this functionality (though a request has been submitted [1]); in the mean time, developers can use existing third-party libraries that include this functionality.
> 
> However, linked issue [1] was just closed with "wontfix" status:
> 
> > Closing as "Won't Fix". We have no plans to provide APIs for creating certificates. The "keytool -gencert" option can be used to create certificates and is the only mechanism that we will support.
> 
> While using 'keytool' can be OK, the existence of the `java.util.spi.ToolProvider` interface, which would help avoid starting a new VM, was brought to my attention.
> 
> Would it be possible, or could it be considered, to add an implementation of ToolProvider to `keytool`?
> 
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-8058778
> -- 
> Wojtek


