Updated webrev to include java.security.PKCS12Attribute:
  http://cr.openjdk.java.net/~vinnie/8005408/webrev.01/



On 21/01/2013 15:18, Vincent Ryan wrote:
Hello,

Please review the fix for 8005408. It adds support for associating
attributes with keystore entries.
It is yet another component of the JEP-166 delivery.

This new API permits several enhancements to the PKCS12 keystore
implementation: the storage of trusted certificates, storage of secret
keys and support for entry metadata. Currently, only the PKCS12 keystore
takes advantage of these new KeyStore APIs.

Webrev: http://cr.openjdk.java.net/~vinnie/8005408/webrev.00/


For storing trusted certificates in PKCS12 a new SafeBag attribute (with
a familiar syntax) is introduced to indicate a trust usage:

    trustedKeyUsage ATTRIBUTE ::= {
        WITH SYNTAX ExtKeyUsageSyntax
        ID id-at-trustedKeyUsage  -- object identifier from an Oracle arc
    }

    -- from RFC 5832, Section 4.2.1.12
    ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
    KeyPurposeId ::= OBJECT IDENTIFIER
    anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }

Note that this approach does not preclude the storage of a Trust Anchor
List (as defined in RFC 5914) which was proposed earlier on this list.


There is one omission from the webrev above: the
java.security.PKCS12Attribute class needs some additional changes and
will be posted shortly.

Again, JEP-166 is on a tight schedule for M6 so your early comments are
appreciated.

Thanks.
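
The entry-attribute API described in this message, as an added example that is not part of the original message or the webrev: it stores a secret key with one metadata attribute in a PKCS12 keystore, reloads the keystore, and lists the attributes that come back. It assumes the API as it shipped in Java 8 (KeyStore.Entry.getAttributes, java.security.PKCS12Attribute); the alias, password, attribute value and the OID 2.999.1 are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class EntryAttributesDemo {
    // Constructed values for illustration only (assumptions, not from the webrev).
    static final String ALIAS = "demo-secret";
    static final String DEMO_OID = "2.999.1"; // under the OID arc reserved for examples
    static final char[] PASSWORD = "constructed-demo-password".toCharArray();

    public static void main(String[] args) throws Exception {
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(PASSWORD);

        // A secret key plus one metadata attribute describing its intended use.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        KeyStore.Entry.Attribute purpose =
                new PKCS12Attribute(DEMO_OID, "config-encryption");

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty keystore
        ks.setEntry(ALIAS,
                new KeyStore.SecretKeyEntry(key, Collections.singleton(purpose)), prot);

        // Serialize and reload to show the attribute survives in the PKCS12 file.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PASSWORD);
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), PASSWORD);

        KeyStore.Entry entry = reloaded.getEntry(ALIAS, prot);
        boolean found = false;
        for (KeyStore.Entry.Attribute a : entry.getAttributes()) {
            // Names are dotted OIDs; values print as the provider renders them.
            System.out.println(a.getName() + " = " + a.getValue());
            found |= DEMO_OID.equals(a.getName());
        }
        if (!(entry instanceof KeyStore.SecretKeyEntry) || !found) {
            throw new IllegalStateException("secret key or attribute did not round-trip");
        }
    }
}
```

The listing also shows attributes the keystore implementation adds on its own, such as the friendly name derived from the alias.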
