JDK-6407240 : No API equivalents for several keytool operations
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • CPU: x86
  • Submitted: 2006-03-31
  • Updated: 2010-04-02
  • Resolved: 2006-04-04
Related Reports
Duplicate :  
JDK-4615506 - Security certificate request framework
Description
A DESCRIPTION OF THE REQUEST :
There are no API equivalents available for several of the command line keytool's operations. These incude :

keytool -genkey
keytool -certreq
keytool -selfcert



JUSTIFICATION :
These are fundamental pki operations.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Full functionality for generating certificates including certificate signing and handling PKCS#10 CSRs. Lack of this functionality is one of the most common reasons why developers must use BouncyCastle (which is great but shouldn't be standing in for core functionality).

CUSTOMER SUBMITTED WORKAROUND :
People are commonly using bouncy castle provider or commercially the IAIK toolkits.