On Tue, 26 Oct 2021 15:35:40 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.base/share/classes/java/security/KeyStore.java line 1035:
>>
>>> 1033: * not extractable (For example, if the attributes is encrypted
>>> 1034: * in a private key entry or a secret key entry).
>>> 1035: *
>>
>> I think this would read better if you broke it up into multiple sentences,
>> ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the
>> given alias does not exist, or the alias does exist but there are no
>> attributes associated with it or the attributes are not extractable (for
>> example, the attributes may not be extractable if they are encrypted in a
>> private key or secret key entry)."
>>
>> You may also want to add a sentence to try the
>> `KeyStore$Entry::getAttributes` method if there are no attributes.
>>
>> Did you consider throwing a KeyStoreException if they are not extractable?
>> It would be useful to distinguish that case from an alias that has no
>> attributes.
>
> This is complicated. Theoretically a KeyStore implementation can store some
> attributes in clear text and some encrypted, and it's probably not possible
> to know if there exist any encrypted ones before actually decrypting the
> entry. Maybe I should say "For a PrivateKeyEntry or SecretKeyEntry, some
> attributes might only be available after the entry is extracted by the
> getEntry() method. Try calling the entry's getAttributes() method to see if
> there are any".

Yes, a sentence like that would help. Some suggested tweaks:

"For a PrivateKeyEntry or SecretKeyEntry, some attributes may be protected and not available unless the entry is first extracted by the getEntry() method."

I don't think you need the last sentence.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6026