- Bug
- Resolution: Fixed
- P3
- unknown, 5.0
- b58
- generic
- generic
A JSSE X509KeyManager is needed that can be initialized using KeyStoreBuilderParameters objects, i.e. one or more KeyStore.Builder objects. This is more flexible and among other things enables applications to:
- delay KeyStore initialization (and thereby password input/prompting) to the point where the KeyStore is actually needed, rather than having to initialize it at application startup time.
- use keys from multiple KeyStores simultaneously
- have keys protected by different passwords (when used with an appropriate Builder subclass)

To fully support the Smartcard use case this KeyManager also needs to:
- deal with KeyStores that change over the application lifetime (Smartcards inserted/removed)
- if there are multiple certificates available, choose the one that has the correct key usage and is not expired.

For compatibility reasons, it may be difficult to add those features to the existing SunX509 KeyManager. It would be better to add a new KeyManager implementation.
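The initialization pattern this request describes, as an added example that is not code from the bug report or from the JDK sources: two PKCS12 stores with separate passwords are handed to a KeyManagerFactory as KeyStore.Builder objects. The class name, the `promptFor` and `contextFor` helpers and the file names `client-a.p12` and `client-b.p12` are assumptions (the files must exist), and the example uses the SunJSSE `NewSunX509` algorithm because it accepts KeyStoreBuilderParameters.

```java
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyStoreBuilderParameters;
import javax.net.ssl.SSLContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class BuilderKeyManagerExample {
    // One handler per store, so each store can have its own password.
    // The handler runs when the Builder first opens its KeyStore.
    static KeyStore.ProtectionParameter promptFor(String label) {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                if (System.console() == null) {
                    throw new IOException("no console available for password prompt");
                }
                char[] pw = System.console().readPassword("Password for %s: ", label);
                ((PasswordCallback) cb).setPassword(pw); // callback keeps its own copy
            }
        };
        return new KeyStore.CallbackHandlerProtection(handler);
    }

    static SSLContext contextFor(File... stores) throws Exception {
        List<KeyStore.Builder> builders = new ArrayList<>();
        for (File f : stores) {
            // Records file and protection only; the store is not loaded or unlocked here.
            builders.add(KeyStore.Builder.newInstance("PKCS12", null, f, promptFor(f.getName())));
        }
        // "SunX509" rejects ManagerFactoryParameters; "NewSunX509" takes builders.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(new KeyStoreBuilderParameters(builders));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        contextFor(new File("client-a.p12"), new File("client-b.p12"));
    }
}
```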
- duplicates
  - JDK-4389689 implicit assumption in keymanagerfactory: keys are protected with same password
  - Closed