RFR: 8325766: Review seclibs tests for cert expiry

[Mikhail Yankelevich]

On Wed, 19 Feb 2025 15:48:10 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:

> This PR updates the CertificateBuilder with a new method that creates a new instance with common fields (subject name, public key, serial number, validity, and key uses) filled-in. One test, IPIdentities.java, is updated to show how the method can be used to create various certificates. I attached screenshots that compare the old hard-coded certificates (left) with the new generated certificates.
> 
> ![trusted-cert](https://github.com/user-attachments/assets/4bfaca10-74f3-4d24-9796-288358ae00e1)
> ![server-cert](https://github.com/user-attachments/assets/51ce8ed2-0784-44ab-96a1-9d0a2ea66aaa)
> ![client-cert](https://github.com/user-attachments/assets/5090a71e-ef7a-4303-ae1a-78f89878d1c0)

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java line 35:

> 33:  * @run main/othervm IPIdentities
> 34:  * @author Xuelei Fan
> 35:  */

I think you might be missing ` * @modules java.base/sun.security.x509 java.base/sun.security.util` here

test/lib/jdk/test/lib/security/CertificateBuilder.java line 113:

> 111:         SecureRandom random = new SecureRandom();
> 112: 
> 113:         boolean [] keyUsage = new boolean[]{false, false, false,

Wouldn't it be easier to just use `var keyUsage = new boolean[KeyUsage.values().length]`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r1963390414
PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r1963390219