Bug ID: JDK-6273877 Better support for NSS keystore

Type: Enhancement
Component: security-libs
Sub-Component: javax.crypto:pkcs11
Affected Version: 6

Priority: P2
Status: Resolved
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2005-05-20
Updated: 2010-04-02
Resolved: 2005-05-27

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6
6 betaFixed

From http://jplan.sfbay/feature/076 :

Description
Network Security Services (NSS) is the library that is used for all security functions in Mozilla as well as by all native components of the JES stack. Via the PKCS#11 support in Tiger, it is already possible the access the NSS keystore. This feature intends to address a few missing pieces:

 . NSS stores configuration information about its PKCS#11 modules in its secmod.db file, which we currently do not understand. By accessing this information we could reduce/eliminate the need for manual configuration.

 . NSS uses non-standard attributes to mark certificates as trusted. We should add support for them.

Motivation
AppServer and Access Manager have expressed their unhappiness about the current state of affairs and the extra work it causes them.

Plugin decided to use the JSS library to access NSS rather than the JDK's PKCS#11 support because of the configuration issue. However, JSS is receiving little attention in Sun now and therefore may not be a viable long term solution.

###@###.### 2005-05-20 18:41:46 GMT