On Mon, 25 Oct 2021 14:34:57 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry 
>> without retrieving the entry first. This is especially useful for a private 
>> key entry which can only be retrieved with a password.
>
> src/java.base/share/classes/java/security/KeyStore.java line 1035:
> 
>> 1033:      *      not extractable (For example, if the attributes is encrypted
>> 1034:      *      in a private key entry or a secret key entry).
>> 1035:      *
> 
> I think this would read better if you broke it up into multiple sentences, 
> ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the 
> given alias does not exist, or the alias does exist but there are no 
> attributes associated with it or the attributes are not extractable (for 
> example, the attributes may not be extractable if they are encrypted in a 
> private key or secret key entry)."
> 
> You may also want to add a sentence to try the 
> `KeyStore$Entry::getAttributes` method if there are no attributes.
> 
> Did you consider throwing a KeyStoreException if they are not extractable? It 
> would be useful to distinguish that case from an alias that has no attributes.

This is complicated. Theoretically a KeyStore implementation can store some 
attributes in clear text and some encrypted, and it's probably not possible to 
know if there exist any encrypted ones before actually decrypting the entry. 
Maybe I should say "For a PrivateKeyEntry or SecretKeyEntry, some attributes 
might only be available after the entry is extracted by the getEntry() method. 
Try calling the entry's getAttributes() method to see if there are any".

> src/java.base/share/classes/java/security/KeyStoreSpi.java line 450:
> 
>> 448:     /**
>> 449:      * Retrieves the attributes associated with the given alias.
>> 450:      *
> 
> You should also document the default implementation.

OK.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6026
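
The two lookup paths discussed in this thread, as an added example that is not code from the PR or from the JDK sources. It assumes JDK 18 or later (where `KeyStore::getAttributes` is available) and the built-in PKCS12 keystore; the alias, password and attribute OID are constructed sample values.

```java
import java.security.KeyStore;
import java.security.PKCS12Attribute;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreAttributesDemo {
    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray();   // constructed sample password
        String alias = "demo-key";                    // constructed sample alias

        // Build an in-memory PKCS12 keystore holding one password-protected secret key.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed OID under the private-enterprise arc, used only for this demo.
        Set<KeyStore.Entry.Attribute> attrs =
                Set.of(new PKCS12Attribute("1.3.6.1.4.1.99999.1", "demo-value"));
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key, attrs),
                new KeyStore.PasswordProtection(password));

        // Path 1: no password needed. Returns whatever the provider can read
        // without extracting the entry; an empty set does not prove that the
        // entry has no attributes.
        Set<KeyStore.Entry.Attribute> withoutPassword = ks.getAttributes(alias);
        System.out.println("KeyStore.getAttributes:       " + withoutPassword);

        // Path 2: extract the entry with its password, then ask the entry itself.
        // This is the fallback to try when path 1 comes back empty.
        if (withoutPassword.isEmpty()) {
            System.out.println("nothing readable without the password, extracting entry");
        }
        KeyStore.Entry entry =
                ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        System.out.println("KeyStore.Entry.getAttributes: " + entry.getAttributes());

        // An unknown alias also yields an empty set rather than an exception,
        // so check containsAlias() to tell "no such entry" from "no attributes".
        System.out.println("unknown alias: " + ks.getAttributes("no-such-alias")
                + ", containsAlias=" + ks.containsAlias("no-such-alias"));
    }
}
```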
