JDK-6586284

X509KeyManager and X509TrustManager need pre-keystore access callbacks

    • Enhancement
    • Resolution: Won't Fix
    • P3
    • None
    • 6u2
    • security-libs
    • None

      The classes KeyManager and TrustManager and their extended versions are used in conjunction with instances of KeyStore. If the KeyStore is updated dynamically it will be necessary to inspect the keystore before accessing it via KeyManager and TrustManager. The only way of doing this at present is to subclass KeyManager and TrustManager (in fact to subclass X509ExtendedKeyManager and X509ExtendedTrustManager) to add the required functionality, and this is not an altogether straightforward process.

      The RFE is to add callback hooks to KeyManager and TrustManager (or the X509 subclasses). These callbacks would be made whenever a new connection was being made, and would enable key and trust store updates to be detected, and the keystores to be updated before the connection was made.

            xuelei Xuelei Fan
            alanbur Alan Burlison