Details
- Bug
- Status: In Progress
- Critical
- Resolution: Unresolved
- jtsk_2.1
- None
- None
Description
Trust-related questions for the TLS endpoints are answered through TrustManager instances obtained through a configurable TrustManagerFactory; see net.jini.jeri.ssl.SslEndpoint. This mechanism allows for an advanced implementation of a TrustManager that can answer these questions based on context information associated with a service. E.g. Seven can have completely different key material for each individual service running in a single JVM, as the trust-related material is bound by a certain context.
The X.500 discovery providers, however, can only have a single view on key material and certificate stores through a few system properties, as documented in e.g. the package com.sun.jini.discovery.x500.sha1withdsa, which prevents them from having multiple views on key material depending on the context in which they are handling discovery.
Besides the system properties, a trust provider mechanism is required that allows specifying an implementation that can return a KeyStore and CertStore array depending on the context in which the discovery operation must take place.
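
One possible shape for the trust provider requested above, added here as an illustration and not code from the Jini/River project or from the reporter. The names `DiscoveryTrustProvider` and `ContextTrustProvider`, the use of an opaque `Object` as the context, and the fail-closed lookup are all assumptions.

```java
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical SPI: returns the trust material for one discovery context.
interface DiscoveryTrustProvider {
    KeyStore getKeyStore(Object context);
    CertStore[] getCertStores(Object context);
}

// Keeps a separate view of key material per context (e.g. per service in one JVM).
final class ContextTrustProvider implements DiscoveryTrustProvider {
    private static final class Material {
        final KeyStore keys;
        final CertStore[] certs;
        Material(KeyStore keys, CertStore[] certs) { this.keys = keys; this.certs = certs; }
    }
    private final Map<Object, Material> byContext = new ConcurrentHashMap<>();

    void register(Object context, KeyStore keys, CertStore... certs) {
        byContext.put(context, new Material(keys, certs.clone()));
    }
    private Material lookup(Object context) {
        Material m = (context == null) ? null : byContext.get(context);
        // Fail closed: an unknown context never inherits another service's trust anchors.
        if (m == null) throw new SecurityException("no trust material for context");
        return m;
    }
    public KeyStore getKeyStore(Object context) { return lookup(context).keys; }
    public CertStore[] getCertStores(Object context) { return lookup(context).certs.clone(); }
}

class ContextTrustDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample material: two empty in-memory stores standing in for real ones.
        KeyStore a = KeyStore.getInstance(KeyStore.getDefaultType()); a.load(null, null);
        KeyStore b = KeyStore.getInstance(KeyStore.getDefaultType()); b.load(null, null);
        CertStore crls = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.emptyList()));
        ContextTrustProvider p = new ContextTrustProvider();
        p.register("service-A", a, crls);
        p.register("service-B", b);
        if (p.getKeyStore("service-A") == p.getKeyStore("service-B"))
            throw new IllegalStateException("contexts must not share key material");
        try { p.getKeyStore("service-C"); throw new IllegalStateException("lookup should fail"); }
        catch (SecurityException expected) { System.out.println("unknown context refused"); }
    }
}
```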