Bug ID: JDK-7109096 keytool -genkeypair needn't call -selfcert

Details
Type: Bug
Submit Date: 2011-11-07
Status: Closed
Updated Date: 2013-06-26
Project Name: JDK
Resolved Date: 2011-11-29
Component: security-libs
OS: generic
Sub-Component: java.security
CPU: generic
Priority: P4
Resolution: Fixed
Affected Versions: 8
Fixed Versions:

Related Reports
Backport:
Backport:

Sub Tasks

Description
keytool uses CertAndKeyGen to generate a basic self-signed certificate with no extensions. When the -ext option was introduced, -genkeypair was implemented as the original -genkeypair plus -selfcert, and the extension info was added in the -selfcert step.

This means the keystore object is modified twice in this single operation. In the case of PKCS11 or MSCAPI, it is actually written to the token twice. If a token can only be written once, the action will fail.

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/jdk8/tl/jdk/rev/52be75d060f9
                                     
2011-11-09
noreg-cleanup hence not verified
                                     
2013-01-08


