Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-5067456

Need X509KeyManager that supports KeyStoreBuilderParameters

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: unknown, 5.0
    • Fix Version/s: 5.0
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b58
    • CPU:
      generic
    • OS:
      generic

      Description

      A JSSE X509KeyManager is needed that can be initialized using KeyStoreBuilderParameters objects, i.e. one or more KeyStore.Builder objects. This is more flexible and among other things enables applications to:

       . delay KeyStore initialization (and thereby password input/prompting) to the point where the KeyStore is actually needed, rather than having to initialize it at application startup time.

       . use keys from multiple KeyStores simultaneously

       . have keys protected by different passwords (when used with an appropriate Builder subclass)

      To fully support the Smartcard use case this KeyManager also needs to:

       . deal with KeyStores that change over the application lifetime (Smartcards inserted/removed)

       . if there are multiple certificates available, choose the one that has the correct key usage and is not expired.

      For compatibility reasons, it may be difficult to add those features to the existing SunX509 KeyManager. It would be better to add a new KeyManager implementation.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreas Andreas Sterbenz
                Reporter:
                andreas Andreas Sterbenz
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: