Closed
Bug 117978
Opened 23 years ago
Closed 23 years ago
support Java Keystore API
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.4
People
(Reporter: jamie-bugzilla, Assigned: rrelyea)
Attachments
(2 files)
23.86 KB, patch
917 bytes, patch
In order to implement the JCA Keystore API, I need the following functionality. "Object" means a key or a certificate.
1. Enumerate a list of all objects on a token, accompanied with labels.
2. Lookup a token object by label. Should return a list of all objects with matching label.
3. Lookup token certificate by another certificate. This could mean looking up a certificate by Issuer/Serial or some other unique collection of attributes.
4. Store an object with an associated label.
5. Delete an object. PK11_DeleteTokenCertAndKey is not appropriate because it deletes the cert AND the key.
All this stuff is very straightforward from a PKCS #11 point of view.
Reporter
Updated•23 years ago
Target Milestone: --- → 3.4
Updated•23 years ago
Component: Build → Libraries
Assignee
Comment 2•23 years ago
Jamie, a couple of questions.
Do you want objects returned as their base object types, or do you want objects returned as PKCS #11 handles (knowing that PKCS #11 handles will probably disappear in 4.0)?
Would it be acceptable to have 4 different functions (return all the symkeys, return all the private keys, return all the public keys, and return all the certs)?
What do you want passed in the "find cert by cert" call? A DERCert, a CERTCertificate? What do you want returned? (This function should be simple because we often look up certs by certs in a given token internally (we use DERCert BTW).)
Reporter
Comment 3•23 years ago
I want to use base object types, not PKCS #11 handles. It is fine to have multiple versions of the functions for different types. The "find cert by cert function" can take a DERCert. It can return a CERTCertificate. The keystore API for deletion is delete by alias/label. I could implement this by doing a search by label and then deleting the object(s) returned by the search.
Assignee
Comment 4•23 years ago
OK, I will have to add some functions, and may expose some others, but there shouldn't be a problem getting these functions for you. Do remember that multiple objects may have the same label. If that's a problem in JCA Keystore you'll have to do some label mapping.
bob
Assignee
Comment 5•23 years ago
patch (included exported function) looks good. r=relyea
Comment 6•23 years ago
Bob, what patch were you referring to?
Assignee
Comment 7•23 years ago
Comment went into the wrong bug... should have gone into Kaie's bug 112961.
bob
Assignee
Comment 8•23 years ago
This patch has incorrect diffs for nss.def. Will attach corrected diffs for nss.def.
Assignee
Comment 9•23 years ago
Reporter
Comment 10•23 years ago
PK11_ListPrivKeysInSlot returns NULL if there are no private keys on the slot, instead of returning an empty list. Is this the intended behavior? My concern is I have no way of differentiating an empty token from an error condition.
Assignee
Comment 11•23 years ago
reopen if functions do work.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED