JDK-5091008 : Add support for NSS trust attributes
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2004-08-24
  • Updated: 2005-10-06
  • Resolved: 2005-10-06
Related Reports
Duplicate :  
JDK-6273877 - Better support for NSS keystore
Description
NSS currently does not support the standard CKA_TRUSTED attribute and has defined its own trust attributes. We currently do not examine these NSS attributes, so any NSS token (softtoken or their trust anchor token) will show up without any trusted certificates in the PKCS11 KeyStore.

This is a significant limitation for applications that want to access the NSS databases from Java (e.g. JES stack and Plugin). Supporting those attributes may also allow us to add trusted certificates to NSS tokens, which is something that is not possible with the CKA_TRUSTED attribute, which is defined as read-only in PKCS#11.
Comments
EVALUATION This has been addressed by 6273877.
06-10-2005
EVALUATION Will examine if a fix is possible in a Tiger update release. ###@###.### 2004-08-23
23-08-2004