JDK-8162958 : A public API to return cacerts
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2016-08-02
  • Updated: 2021-10-13
  • Resolved: 2021-10-13
Related Reports
Relates :  
JDK-8162739 - Create new keytool option to access cacerts file
Description
A developer should not know where cacerts is, it will nice if there is a public API returning it as a KeyStore object.
Comments
Maybe the java.security.Security class would be a better location for such static methods. For example, public static KeyStore getCACerts(char[] password) public static KeyStore getCACerts(KeyStore.LoadStoreParameter parameter)
31-08-2017
Yes, something like 2 overloaded methods: public static KeyStore cacerts(char[] password); public static KeyStore cacerts(KeyStore.ProtectionParameter param); Even with a password, we probably want to have a permission check on that, since it is reading from a file and someone may have added certs or keys with sensitive information to the cacerts file (and the "changeit" password may not have been changed).
02-08-2016