8225181: KeyStore should have a getAttributes method #6026
Conversation
8225181: KeyStore should have a getAttributes method
|
👋 Welcome back weijun! A progress list of the required criteria for merging this PR into |
Webrevs
|
|
/csr |
|
@wangweij this pull request will not be integrated until the CSR request JDK-8275748 for issue JDK-8225181 has been approved. |
| * attributes associated with it, or the attributes are | ||
| * not extractable (For example, if the attributes is encrypted | ||
| * in a private key entry or a secret key entry). | ||
| * |
There was a problem hiding this comment.
I think this would read better if you broke it up into multiple sentences, ex: "an unmodifiable {@code Set} of attributes. The set may be empty if the given alias does not exist, or the alias does exist but there are no attributes associated with it or the attributes are not extractable (for example, the attributes may not be extractable if they are encrypted in a private key or secret key entry)."
You may also want to add a sentence to try the KeyStore$Entry::getAttributes method if there are no attributes.
Did you consider throwing a KeyStoreException if they are not extractable? It would be useful to distinguish that case from an alias that has no attributes.
There was a problem hiding this comment.
This is complicated. Theoretically a KeyStore implementation can store some attributes in clear text and some encrypted, and it's probably not possible to know if there exist any encrypted ones before actually decrypting the entry. Maybe I should say "For a PrivateKeyEntry or SecretKeyEntry, some attributes might only be available after the entry is extracted by the getEntry() method. Try calling the entry's getAttributes() method to see if there are any".
There was a problem hiding this comment.
Yes, a sentence like that would help. Some suggested tweaks: "For a PrivateKeyEntry or SecretKeyEntry, some attributes may be protected and not available unless the entry is first extracted by the getEntry() method."
I don't think you need the last sentence.
There was a problem hiding this comment.
I wonder if someone will interpret this as "after I've called getEntry on a private key, I can get the encrypted attributes through KeyStore::getAttributes". How about something like "and only available through the {@link KeyEntry.getAttributres} method after the entry is extracted"?
There was a problem hiding this comment.
New commit pushed. The words are sightly different between in KeyStore and KeyStoreSpi. CSR updated as well.
| * | ||
| * @param alias the alias name | ||
| * @return an unmodifiable {@code Set} of attributes, possibly empty | ||
| * if the given alias does not exist, or there is no |
| * The default implementation returns an empty {@code Set}. | ||
| * | ||
| * @param alias the alias name | ||
| * @return an unmodifiable {@code Set} of attributes, possibly empty |
There was a problem hiding this comment.
If the alias does not exist, then is it definitely always empty? I think the word "possibly" here may be a bit misleading. Maybe reword this as:
"an unmodifiable {@code Set} of attributes." This set is empty if the given alias does not exist or there are no attributes associated with the alias. This set may also be empty for PrivateKeyEntry or SecretKeyEntry entries that contain protected attributes and are only available through the ... "
There was a problem hiding this comment.
Updated as suggested. CSR updated as well.
| * Retrieves the attributes associated with the given alias. | ||
| * | ||
| * @implSpec | ||
| * The default implementation returns an empty {@code Set}. |
There was a problem hiding this comment.
Would it make more sense for the default impl to throw UnsupportedOperationException or maybe call getEntry(alias, null)? Otherwise, an application cannot know the difference between an alias that has no attributes and an alias that has attributes but is from a KeyStore impl that has not overridden the corresponding Spi method.
There was a problem hiding this comment.
The one benefit I can think of to throw a UOE is that the caller can fallback to getEntry(...).getAttributes() when an exception is thrown. However, as far as I know, our PKCS12KeyStore is the only KeyStore implementation that has made use of attributes. Therefore it's still not late for another implementation to start supporting both at the same time. For most of the KeyStore implementations, both ks.getAttributes() and ks.getEntry(...).getAttributes() returning empty seems more consistent.
There was a problem hiding this comment.
But we could just override those other implementations to always return an empty Set. I would prefer if an application could distinguish between these two cases w/o knowing whether the underlying implementation supports attributes or not.
|
New commit pushed. Typo, I meant "refine". |
|
New commits pushed. Except for the merge commits, the only change is method spec update to match the text in the approved CSR. |
|
Mailing list message from Michael StJohns on security-dev: Hi - Generically, PKCS12 doesn't require an alias (friendlyName) for a Mike On 11/30/2021 8:15 PM, Weijun Wang wrote: |
|
Mailing list message from Wei-Jun Wang on security-dev: My understanding is that Java's PKCS12KeyStore will fabricate an alias string if there is no friendlyName, since every entry inside a KeyStore object must have an alias. I'll take some look tomorrow. Thanks,
|
|
Mailing list message from Michael StJohns on security-dev: On 11/30/2021 10:07 PM, Wei-Jun Wang wrote:
Ah - I see it now in PKCS12KeyStore - it assigns an "unfriendlyName" as Thanks - Mike
|
|
@wangweij This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 75 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
/integrate |
|
Going to push as commit a729a70.
Your commit was automatically rebased without conflicts. |
openjdk
bot
added
integrated
2 participants
Add
KeyStore::getAttributesso that one can get the attributes of an entry without retrieving the entry first. This is especially useful for a private key entry which can only be retrieved with a password.Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/6026/head:pull/6026$ git checkout pull/6026Update a local copy of the PR:
$ git checkout pull/6026$ git pull https://git.openjdk.java.net/jdk pull/6026/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 6026View PR using the GUI difftool:
$ git pr show -t 6026Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/6026.diff