On Oct 11, 2014, at 0:24, Vincent Ryan <[email protected]> wrote:
>>
>> BTW, I see that DomainKeyStore#load(stream,pass) is designed to load a
>> keystore of JKS (or another default storetype). Why didn't we load a DKS
>> config file (with common passwords or all null)?
>
> The DKS implementation supports the common use case of loading a single
> keystore from a file to aid compatibility with existing
> keystore applications and existing keystores.
Who would want such compatibility when the keystore was created with
KeyStore.getInstance("DKS")? It makes some sense if DKS is the future default
store type, but I thought it's PKCS12.
>
> Although I can also see the advantage of supporting a DKS configuration file
> via that load method. Maybe the implementation
> should support both?
I would like to see that, and maybe it's even better to support loading a DKS
with multiple passwords. How we would handle this bug (8059818) is TBD, but
JSSE already has "javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType" and
"javax.net.ssl.trustStorePassword". It will be nice if a DKS keystore can be
used there.
--Max
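
The configuration-file route discussed in this thread, as an added example that is not part of the original message and is not JDK code: a DKS domain spanning two keystores, each opened with its own password through `DomainLoadStoreParameter`. The domain name `demo`, the keystore names `first` and `second`, the file names, aliases and passwords are all constructed for the illustration.

```java
import java.io.OutputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.DomainLoadStoreParameter;
import java.security.KeyStore;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;

public class DksLoadDemo {
    // Writes a PKCS12 keystore holding one AES key (constructed sample data).
    static Path makeStore(Path dir, String file, String alias, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(kg.generateKey()),
                    new KeyStore.PasswordProtection(pw));
        Path p = dir.resolve(file);
        try (OutputStream out = Files.newOutputStream(p)) { ks.store(out, pw); }
        return p;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("dks-demo");
        char[] pw1 = "first-pass".toCharArray(), pw2 = "second-pass".toCharArray();
        Path a = makeStore(dir, "a.p12", "k1", pw1);
        Path b = makeStore(dir, "b.p12", "k2", pw2);

        // DKS configuration file: one domain, two member keystores.
        String cfg = "domain demo {\n"
            + "    keystore first keystoreType=\"PKCS12\" keystoreURI=\"" + a.toUri() + "\";\n"
            + "    keystore second keystoreType=\"PKCS12\" keystoreURI=\"" + b.toUri() + "\";\n"
            + "};\n";
        Path conf = Files.write(dir.resolve("demo.dks"), cfg.getBytes("UTF-8"));

        // One protection parameter per member keystore, keyed by its name in the domain.
        Map<String, KeyStore.ProtectionParameter> pws = new HashMap<>();
        pws.put("first", new KeyStore.PasswordProtection(pw1));
        pws.put("second", new KeyStore.PasswordProtection(pw2));

        // The URI fragment selects which domain in the configuration file to load.
        KeyStore dks = KeyStore.getInstance("DKS");
        dks.load(new DomainLoadStoreParameter(URI.create(conf.toUri() + "#demo"), pws));
        for (String alias : Collections.list(dks.aliases())) {
            System.out.println(alias + " keyEntry=" + dks.isKeyEntry(alias));
        }
    }
}
```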