I see the point that a trust anchor should be trusted. At the application level, we don't actually check the weakness of a trust anchor because the user has made the decision to trust the cert. However, at the keytool level, I think it might be nice to warn about weakness in a trust anchor too, so that users can be aware of the weakness and make a good decision. Maybe a user doesn't want to trust a cert again if he knows there are weaknesses.

What do you think?

Xuelei

On 3/29/2017 1:38 AM, Weijun Wang wrote:
Webrev updated at

  http://cr.openjdk.java.net/~weijun/8177569/webrev.01

Changes since last version:

- Trusted cert entries in the current keystore are also trusted. See the
new isTrusted() method.

- A cert is treated as a root CA cert only if -trustcacerts is specified.

- In the current keytool documentation, -trustcacerts is only designed
for -importcert, and it should have no effect on other commands.
Therefore the internal trustcacerts flag is reset when the command is not
IMPORTCERT. We might reconsider this in a future release (JDK-8177760).

- Several checkWeak() calls are moved before the keyStore change so the
check is only based on the original keystore content. This prevents a new
cert from being treated as trusted while it is being -import'ed.

- Test modifications.

Thanks
Max

On 03/27/2017 09:43 AM, Weijun Wang wrote:
Please take a review at

   http://cr.openjdk.java.net/~weijun/8177569/webrev.00/

Since our implementation of CertPath validation does not check for the
signature algorithm of a root CA, keytool should not warn about its
weakness either.

Thanks
Max
