RFR: 5561: Support for Crypto Events in JMC
Marcus Hirt
hirt at openjdk.org
Tue Dec 2 18:07:15 UTC 2025
On Tue, 2 Dec 2025 17:53:55 GMT, Marcus Hirt <hirt at openjdk.org> wrote:
>> This PR enhances the JMC UI for adding new information related to crypto events: specifically X509CertificateEvent.
>>
>> This PR adds a new rule with respect to X509CertificateEvent which provides alert related to expired/expiring certificates and weak signature algorithms or weak key length or key type. The rule gives a basic overview of all the certificate ids which needs action or attention, however complete details are provided as part of a new screen - Security.
>>
>> Attaching the screenshots here for better reference:
>>
>> Rule Page:
>>
>> <img width="362" height="373" alt="image" src="https://github.com/user-attachments/assets/4707e6b2-76be-4b1e-9f32-c6139851d86c" />
>>
>> Security Screen Page:
>>
>> <img width="959" height="385" alt="image" src="https://github.com/user-attachments/assets/5026e2b7-2754-47bc-a42d-5672f9f087d7" />
>
> application/org.openjdk.jmc.flightrecorder.ui/org.openjdk.jmc.flightrecorder.ui_contexts.xml line 151:
>
>> 149: <context id="security">
>> 150: <description></description>
>> 151: <topic href="PLUGINS_ROOT/org.openjdk.jmc.docs/html/GUID-4F885E48-A548-4140-B985-74B1685BEDEA.htm" label="Using the Security Page" />
>
> This seems to link to the exact same page as Using the TLAB Allocations Page. Copy/Paste error?
Should perhaps the messages be more action oriented?
* Certificate with id x expired t days ago. It should be replaced.
* Certificate with id y is using SHA-1. It should be updated to use SHA-256 or SHA-512.
-------------
PR Review Comment: https://git.openjdk.org/jmc/pull/686#discussion_r2582282660
More information about the jmc-dev
mailing list