On 10/8/18 11:26 AM, Weijun Wang wrote:
CSR updated. Please take a review.
https://bugs.openjdk.java.net/browse/JDK-8202590
# ... If there
# is at least one certificate in the existing keystore, the algorithm and
# parameter used to encrypt the last certificate in the existing
keystore will
# be reused to encrypt all certificates while storing. If the last
certificate
# in the existing keystore is not encrypted, all certificates will be stored
# unencrypted.
Can you remind me why you can't store the certificates using the same
encryption algorithms that were previously used?
# "keystore.pkcs12.keyPbeIterationCount" values define here.
Typo: defined
# The algorithm used to calculated the optional MacData at the end of a
PKCS12
Typo: calculate
--Sean
A slightly updated webrev at
https://cr.openjdk.java.net/~weijun/8076190/webrev.05
Thanks
Max
On Oct 3, 2018, at 12:51 AM, Sean Mullan <sean.mul...@oracle.com> wrote:
On 10/1/18 8:02 PM, Weijun Wang wrote:
On Oct 2, 2018, at 2:49 AM, Sean Mullan <sean.mul...@oracle.com> wrote:
Looks good. After you update the CSR with these changes, I can review it.
Sure.
How do you think of the following change? Shall I also add it?
Yes.
diff --git a/src/java.base/share/classes/java/security/KeyStore.java
b/src/java.base/share/classes/java/security/KeyStore.java
--- a/src/java.base/share/classes/java/security/KeyStore.java
+++ b/src/java.base/share/classes/java/security/KeyStore.java
@@ -318,7 +318,7 @@
* for a given keystore type is set using the
* {@code 'keystore.<type>.keyProtectionAlgorithm'} security property.
* For example, the
- * {@code keystore.PKCS12.keyProtectionAlgorithm} property stores the
+ * {@code keystore.pkcs12.keyProtectionAlgorithm} property stores the
* name of the default key protection algorithm used for PKCS12
* keystores. If the security property is not set, an
* implementation-specific algorithm will be used.
Shall I add some word to this method saying we should use lowercase or are we
going to live with this lower+UPPER for every keystore type forever?
No. Let's just continue to check in the code for both variants of the above
property, but remove all references to the upper-case variant from the javadocs
and java.security file.
--Sean
If yes, there will also be some text for its compatibility risk.
Thanks
Max
--Sean
On 9/28/18 9:36 AM, Weijun Wang wrote:
Webrev updated at
http://cr.openjdk.java.net/~weijun/8076190/webrev.04/
Major changes:
1. Comment out key=value lines in java.security
2. Fix a bug in PBES2Parameters.java
3. Test no longer depends on openssl. Instead, use openssl to generate some
pkcs12 files and included in the test.
4. A new test KeyProtAlgCompat.java to ensure compatibility on pkcs12/PKCS12
names
I haven't made any change to KeyStore.java yet. CSR is also not updated.
Thanks
Max