RFR: 8341346: Add support for exporting TLS Keying Material [v10]

Bradford Wetmore wetmore at openjdk.org
Tue May 13 05:06:55 UTC 2025 

On Mon, 12 May 2025 15:02:31 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Bradford Wetmore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 13 commits:
>> 
>>  - Merge branch 'master' into JDK-8341346
>>  - Adjustments made for JDK-8350830
>>  - Merge branch 'master' into JDK-8341346
>>  - Rework to avoid PKCS11 data extraction problems, and enhanced input verification and unit testing
>>  - More Codereview comments
>>  - Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 for compilation)
>>  - Add in the SharedSecrets SecretKeySpec clearing mechanism
>>  - More codereview/CSR comments
>>  - Merge branch 'master' into JDK-8341346
>>  - Codereview comments.
>>  - ... and 3 more: https://git.openjdk.org/jdk/compare/68a11850...bd227aa8
>
> src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java line 187:
> 
>> 185:      *
>> 186:      * @implSpec The default implementation throws
>> 187:      *           {@code UnsupportedOperationException}
> 
> Missing period at end of sentence.

Added.  I also readded:

     *           Classes derived from ExtendedSSLSession must implement
     *           this method.

which is also used in an earlier method (`getStatusResponses`) in this class.

> src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java line 195:
> 
>> 193:      * @param length  the number of bytes of EKM material needed
>> 194:      *
>> 195:      * @throws SSLKeyException if the key could not be generated
> 
> I prefer "cannot" (present tense).

Done

> src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java line 204:
> 
>> 202:      *
>> 203:      * @return a {@code SecretKey} that contains {@code length} bytes of the
>> 204:      *         EKM material.
> 
> no period necessary.

Corrected.  

Even when you look 10 times at something, you still miss something obvious like this!  ;)

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2085923797
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2085924241
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2085924913

More information about the net-dev mailing list