On June 14, 2010 10:30 AM, Clement Pellerin wrote:
> Now that we know X509IssuerSerialResolver must resolve PrivateKeys, where
> does it get it from?
> I believe the answer is: the same place where it gets the list of
> certificates.
> My proposal is to augment the StorageResolver to return an iterator that
> iterates over the PrivateKeys.
> For completeness, we would need a third iterator for the SymmetricKeys.
This was a nice attempt except it does not work. For the KeyResolver to work, it must match the information in the message against the PrivateKey. Unfortunately, the PrivateKey is not self-describing. This works when the KeyResolver is looking for a Certificate because the certificate contains a lot of information about itself, like the SubjectDN, the IssuerDN, etc. None of that is present in a PrivateKey.

The closest we can do is to let the StorageResolver iterate structures similar to KeyStore.PrivateKeyEntry. This would have to be our own class to be compatible with JDK 1.4.

I'm not convinced anymore. Should we consider the StorageResolver to be a simple CertStore iterator and leave it alone? How about adding a second constructor to each X509 KeyResolver to pass a KeyStore?
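As an added illustration of the matching problem described above (example code, not from this thread or from the xml-security project): a PrivateKey carries no issuer or serial, so a KeyStore-backed resolver has to match the certificate stored with it and then fetch the key under the same alias. The issuer name and serial number are assumed to have been read from the message's ds:X509IssuerSerial, and the keystore path and passwords are assumed command-line arguments; the code uses a modern JDK rather than the 1.4 baseline mentioned in the post.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;

// Illustration only (not xml-security code): a PrivateKey has no issuer or
// serial of its own, so match the certificate and fetch the key beside it.
public class IssuerSerialKeyLookup {
    /** Returns the private key whose certificate matches the issuer DN and
     *  serial number taken from a ds:X509IssuerSerial, or null if none does. */
    public static PrivateKey findPrivateKey(KeyStore ks, String issuerName,
            BigInteger serial, char[] keyPassword) throws Exception {
        // Compare X500Principals, not raw strings: the message may encode the
        // DN with different attribute order, spacing or case.
        X500Principal wanted = new X500Principal(issuerName);
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries carry no private key
            }
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            // The certificate is self-describing; the key is found via it.
            if (cert.getIssuerX500Principal().equals(wanted)
                    && cert.getSerialNumber().equals(serial)) {
                return (PrivateKey) ks.getKey(alias, keyPassword);
            }
        }
        return null;
    }

    // Assumed invocation: <keystore> <password> <issuerDN> <serial-decimal>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        PrivateKey key = findPrivateKey(ks, args[2], new BigInteger(args[3]),
                args[1].toCharArray());
        System.out.println(key == null ? "no matching key entry"
                : "matched " + key.getAlgorithm() + " private key");
    }
}
```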