The code itself looks good, but I didn't see any regression tests. Is this what JDK-8207174 will be for?

On 7/11/2018 11:53 PM, Alan Bateman wrote:
On 12/07/2018 05:47, Xuelei Fan wrote:

It's an interesting use case of the TrustManagerFactory and KeyManagerFactory. The KeyManager or TrustManager implementation may not be implemented in the same provider as SSLSocket/SSLEngine.

See also http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017536.html.
Xuelei - is there follow-up work to develop some tests that use custom KeyManager or TrustManager implementations that are in different providers to the SSLEngine? I realize not many will do that but it seems easy to break these types of scenarios if we don't have tests.

If I understand your question correctly, custom KM/TM are quite common. I routinely write custom impls to wrap functionality around the behavior of the stock TM/KM. e.g. outputting debug information.

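import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
// Wraps a stock X509TrustManager: print the arguments, then delegate the check.
class MyTM implements X509TrustManager {
    private final X509TrustManager tm;
    MyTM(X509TrustManager tm) {
        this.tm = tm;
    }
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        System.out.println(authType + " " + java.util.Arrays.toString(chain));
        tm.checkClientTrusted(chain, authType);
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        System.out.println(authType + " " + java.util.Arrays.toString(chain));
        tm.checkServerTrusted(chain, authType);
    }
    public X509Certificate[] getAcceptedIssuers() { return tm.getAcceptedIssuers(); }
}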

Brad
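
An added example, not part of the original message or of the JDK change under review: the same wrap-and-delegate pattern built on X509ExtendedTrustManager, so the Socket/SSLEngine is passed through to the stock manager and its connection-aware checks still run, then installed into an SSLContext. The class name LoggingTrustManager and the log format are hypothetical.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example: logs each check, then defers the decision to the stock trust manager.
public class LoggingTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager delegate;

    LoggingTrustManager(X509ExtendedTrustManager delegate) { this.delegate = delegate; }

    private static void log(String side, X509Certificate[] chain, String authType) {
        System.err.println(side + " authType=" + authType + " leaf="
            + (chain != null && chain.length > 0 ? chain[0].getSubjectX500Principal() : "<none>"));
    }

    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        log("client", c, a); delegate.checkClientTrusted(c, a);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        log("server", c, a); delegate.checkServerTrusted(c, a);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        log("client", c, a); delegate.checkClientTrusted(c, a, s);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        log("server", c, a); delegate.checkServerTrusted(c, a, s);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        log("client", c, a); delegate.checkClientTrusted(c, a, e);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        log("server", c, a); delegate.checkServerTrusted(c, a, e);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);  // null selects the JDK default trust store
        X509ExtendedTrustManager stock = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509ExtendedTrustManager) { stock = (X509ExtendedTrustManager) tm; break; }
        if (stock == null) throw new IllegalStateException("no X509ExtendedTrustManager from default factory");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new LoggingTrustManager(stock) }, null);
        System.out.println("installed wrapper; accepted issuers: " + stock.getAcceptedIssuers().length);
    }
}
```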
