RFR: 8325766: Review seclibs tests for cert expiry [v5]

Artur Barashev abarashev at openjdk.org
Tue Jun 24 16:44:36 UTC 2025


On Tue, 3 Jun 2025 13:11:31 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:

>> This PR updates the CertificateBuilder with a new method that creates a new instance with common fields (subject name, public key, serial number, validity, and key uses) filled-in. One test, IPIdentities.java, is updated to show how the method can be used to create various certificates. I attached screenshots that compare the old hard-coded certificates (left) with the new generated certificates.
>> 
>> ![trusted-cert](https://github.com/user-attachments/assets/4bfaca10-74f3-4d24-9796-288358ae00e1)
>> ![server-cert](https://github.com/user-attachments/assets/51ce8ed2-0784-44ab-96a1-9d0a2ea66aaa)
>> ![client-cert](https://github.com/user-attachments/assets/5090a71e-ef7a-4303-ae1a-78f89878d1c0)
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 12 commits:
> 
>  - fixed redundant setNotAfter() calls. One of them should have been setNotBefore
>  - Merge branch 'master' into certbuilder
>  - expanded wildcard imports
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - reversed order of DN strings when making certificates.
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - ... and 2 more: https://git.openjdk.org/jdk/compare/e490b4f0...2b5533aa

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java line 247:

> 245:     private static void setupCertificates() throws Exception {
> 246:         KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
> 247:         kpg.initialize(1024);

This line can be removed so implementation uses a default value.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2164469651


More information about the net-dev mailing list