Mike Duigou wrote:
Vincent Ryan wrote:
Hello Mike,
This functionality is being planned for the JDK7 release. The existing
java.security.cert.CertificateFactory class can easily be enhanced with
several new methods:
o to create a certificate signing request
o to parse a certificate signing request
o to issue a new certificate
The features will be limited. There are no plans to define an API to
support a full CA.
I believe that the minimum required PKI extensions are for the API to
match the functionality offered by the command line 'keytool'. There are
too many projects which must currently include BouncyCastle (which is
nonetheless great and useful) only for the purposes of replicating
keytool functionality.
The API will match the cert creation functionality of keytool. It will
also support the creation of standardized certificate extensions.
Are the proposed API changes for JDK7 published anywhere?
A draft API is being prepared. I can circulate it for comments in the
next few weeks.
Mike
Mike Duigou wrote:
Hello!
Where can I find a published description of the enhancements and
extensions planned for JCE/JSSE in JDK 7?
To jump right to the point of my question: I'll be specifically looking
for extensions to allow all of the keytool functionality to be accessed
through public APIs. This is specifically PKCS#1 certificate generation
and PKCS#10 certificate signing requests. Neither of these are currently
available in the JDK 6 API but are available through keytool.
Mike
