-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 5.0
-
Component/s: security-libs
-
b31
-
generic
-
generic
The JSSE X509KeyManager currently can only be initialized using a single, already loaded KeyStore. Changes made to the KeyStore after the X509KeyManager object has been initialized are ignored.
This is insufficient for Smartcard support. The requirements there are:
. the Smartcard can be inserted and removed at any time.
. it must be possible to prompt the user for the PIN using an application specified callback
. the user should not be prompted for the PIN until it is actually needed
. it must be possible to use multiple KeyStores simultaneously (e.g. a Java PKCS12KeyStore plus one or more Smartcards).
A new class to abstract information about a KeyStore instance and a parameter class to initialize the X509KeyManager should be defined.
This is insufficient for Smartcard support. The requirements there are:
. the Smartcard can be inserted and removed at any time.
. it must be possible to prompt the user for the PIN using an application specified callback
. the user should not be prompted for the PIN until it is actually needed
. it must be possible to use multiple KeyStores simultaneously (e.g. a Java PKCS12KeyStore plus one or more Smartcards).
A new class to abstract information about a KeyStore instance and a parameter class to initialize the X509KeyManager should be defined.
- relates to
-
-
- Resolved
-