On Wed, 20 Oct 2021 02:08:24 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> Add `KeyStore::getAttributes` so that one can get the attributes of an entry 
> without retrieving the entry first. This is especially useful for a private 
> key entry which can only be retrieved with a password.

src/java.base/share/classes/java/security/KeyStore.java line 1035:

> 1033:      *      not extractable (For example, if the attributes is encrypted
> 1034:      *      in a private key entry or a secret key entry).
> 1035:      *

I think this would read better if you broke it up into multiple sentences, ex: 
"an unmodifiable {@code Set} of attributes. The set may be empty if the given 
alias does not exist, or the alias does exist but there are no attributes 
associated with it or the attributes are not extractable (for example, the 
attributes may not be extractable if they are encrypted in a private key or 
secret key entry)."

You may also want to add a sentence to try the `KeyStore$Entry::getAttributes` 
method if there are no attributes.

Did you consider throwing a KeyStoreException if they are not extractable? It 
would be useful to distinguish that case from an alias that has no attributes.

src/java.base/share/classes/java/security/KeyStore.java line 1038:

> 1036:      * @throws    KeyStoreException if the keystore has not been 
> initialized
> 1037:      * (loaded).
> 1038:      *

throw NPE if alias is null?

src/java.base/share/classes/java/security/KeyStoreSpi.java line 450:

> 448:     /**
> 449:      * Retrieves the attributes associated with the given alias.
> 450:      *

You should also document the default implementation.

src/java.base/share/classes/java/security/KeyStoreSpi.java line 457:

> 455:      */
> 456:     public Set<Entry.Attribute> engineGetAttributes(String alias) {
> 457:         return Collections.emptySet();

Would `Set.of()` be better here?

-------------

PR: https://git.openjdk.java.net/jdk/pull/6026

Reply via email to