JDK-7194452 : Remove "Reverse" PKIX CertPathBuilder implementation
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-08-28
  • Updated: 2016-01-14
  • Resolved: 2015-04-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
8u72Fixed 9 b62Fixed
Currently our PKIX CertPathBuilder implements two modes for validating certification paths, a "forward" mode (where the certificates in the certification path are presented in the forward direction), and a "reverse" mode where they are presented in the reverse order. However, we only support the forward mode via the public API. Thus, we could basically remove the "reverse" builder code. I don't know of any customers using this mode, though we do have tests for it that would also need to be removed. Alternatively, we could move the reverse mode implementation to the optional provider, but I really don't see a lot of value in doing that since it is an unsupported, undocumented feature right now.

Potential Savings: probably between 30-40K

The "reverse" CertPathBuilder mode has never been officially supported. Removing this code would be good so we no longer have to maintain both the forward and reverse implementations.