Still reviewing but here are some initial comments.

It seems this is more than a fix for JDK-8076190. It also adds
configuration properties for the PKCS12 algorithms. I think you should
expand the scope/description of the issue to include that.

* HmacPKCS12PBECore.java

The class description should be updated to PKCS #12 v1.1 and list the
new algorithms that you added.

* java.security

Change "PKCS 12" to "PKCS12" to match the standard name.

These properties are also for existing keystores so I would change the
first sentence to mention that, ex:

"... during the creation of a new keystore or modification of an
existing keystore."

The default alg values seem somewhat weak. Can we upgrade them or is
there a compatibility issue/risk?

--Sean

On 8/9/18 5:55 AM, Weijun Wang wrote:

Webrev updated at

http://cr.openjdk.java.net/~weijun/8076190/webrev.02

The only change is in keytool/Main and the test. keytool will not prompt for
store password if it detects a password-less keystore.

This is 3) below.

Thanks
Max

On Jul 24, 2018, at 6:49 PM, Weijun Wang <weijun.w...@oracle.com> wrote:

Please review the code change and CSR at

webrev: http://cr.openjdk.java.net/~weijun/8076190/webrev.01/
CSR: https://bugs.openjdk.java.net/browse/JDK-8202590

The bug is at

https://bugs.openjdk.java.net/browse/JDK-8076190

This is the 1st part of the process to make cacerts using pkcs12:

1. Support passwordless access to PKCS12 keystores
2. Update default algorithms and params when creating a PKCS12 keystore
3. Update keytool to support passwordless pkcs12 keystores
4. Migrate cacerts to pkcs12

Thanks
Max