forked from cfloersch/keytool
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTODO.txt
42 lines (21 loc) · 1.39 KB
/
TODO.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Certificate Policies Extension should decode the ASN/DER Encoded PolicyInformation
objects whenever they are set so that we might output them in the toString method.
Currently, it stores them as PolicyInformation objects and transforms any byte
stream into those objects. I think we can maintain them as both types..
I would like to convert this to use pkcs12 as the default keystore irrespective
of what the default type of the java platform is. However, that may complicate
trusted store which I believe is a jks store type irrespective of my desire.
Possibly add the ability to use Name Constraint v3 Extensions
This extension, which can used in CA certificates only, defines a name space
within which all subject names in subsequent certificates in a certification
path must be located.
We already have a NameConstraintExtension we just have to enable the keytool
to create and add them to the extension's set. We also need the tool to verify
the name constraints on a signing key when we are using it to sign a cert
request.
Need some way to manage CRL's. I would like to modify this to eventually have a
complete set of tools necessary for running a Certificate authority. Turn this
tool into a general pki tool.
Even better would be a means to create and manage Online Certificate Status Protocol
data.
Add support for SCT X.509v3 extensions along with the Log Server call.