Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8196600

Add example to show how to have TrustManager take the validity dates of trust anchors into account

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 11
    • Component/s: docs
    • Labels:
    • Subcomponent:
    • OS:
      generic

      Backports

        Description

        From the submitter:
        I believe it would be a useful enhancement request to be able to
        configure the TrustManager to take account of the validity dates of the
        trust anchor. Does the Oracle security team have any objections to me
        taking the information in this report and submitting an enhancement
        request to that effect?

        Analysis:
        We should avoid adding non-standard hooks into the
        implementation since the API (at least for this case) is
        flexible enough to do this themselves w/o too much effort.

        In that case documenting the case should address anyone else who has the same issue. The JSSE Reference Guide is likely the best place.

        Create a PKIXBuilderParameters object with a filtered Set of TrustAnchors (i.e. write a small amount of code that checks for and removes any that are expired) and encapsulate that in a CertPathTrustParameters object which would then be passed into the TrustManagerFactory.init method.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  rgallard Raymond Gallardo
                  Reporter:
                  ahgross Andrew Gross
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: