We had a proposal for this at https://bugs.openjdk.org/browse/JDK-6539136 and it's also withdrawn. I've added some comments to it. Keytool is quite different from other tools because it's interactive and involves keystore and passwords.

Thanks,
Weijun

> On May 7, 2024, at 6:16 AM, Wojtek <woj...@unir.se> wrote:
>
> Hello,
> Move to strongly encapsulate JDK internals (i.e. JEP-403 and 396) affected
> access to generating self-signed certificates. JEP itself states:
>
> > Code that uses the sun.security.tools.keytool.CertAndKeyGen class to
> > generate self-signed certificates. There is not yet a standard API for this
> > functionality (though a request has been submitted [1]); in the mean time,
> > developers can use existing third-party libraries that include this
> > functionality.
>
> However, linked issue [1] was just closed with "wontfix" status:
>
> > Closing as "Won't Fix". We have no plans to provide APIs for creating
> > certificates. The "keytool -gencert" option can be used to create
> > certificates and is the only mechanism that we will support.
>
> While using 'keytool' can be OK, it was brought to my attention existence of
> `java.util.spi.ToolProvider` interface that would help avoid starting new VM.
>
> Would it be possible/could be considered to add implementation of
> ToolProvider to the `keytool`?
>
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8058778
> --
> Wojtek