[security-dev 00583]: Re: Code review request: 6780416: New keytool commands/options: -gencert, -printcertreq, -ext

Xuelei Fan Xuelei.Fan at Sun.COM
Thu Feb 19 10:02:55 UTC 2009 

Weijun Wang wrote:
> Hi Andrew
>
> Thanks for your quick review!
>
> The update is published at http://hgrev.appspot.com/show?id=2087. This
> is not a brand new fulldiff, but an incremental diff compared to
> http://hgrev.appspot.com/show?id=3077. The main update is a beautified
> -printcertreq command.
>
> BTW, this is the first patch-over-patch patch I published on
> http://hgrev.appspot.com. The support is still not perfect because I see
> bad output in the wide diff links. Looks like there's something wrong
> dealing with < > things in HTML. Will fix it tonight.
>
>   
Not too bad, I got the expected "-ext" updates.

BTW, I think there are many lines with more than 80 letters, which make 
the wide-diff hard to read.

> Xuelei Fan wrote:
>   
>> Max (Weijun) Wang wrote:
>>     
>>>> I will look at KeyTool.java tomorrow, others looks fine for me by now.
>>>>         
>> A mini suggestion, would you please also add the "-ext" format into the
>> usage() output? I did not find what the ext should looks like in the
>> help message.
>>     
>
> Changed, a little.
>
>   
>> Do you have a test case with an empty "Subject" field? If the "Subject"
>> field is empty, the SAN extension must be present, and marked as critical.
>>     
>
> No, I haven't.
>
> In fact, I provide no check on what extension combinations are legal.
> There are quite a lot of them, say, when BC is true, then KU's some bit
> should be true. The consistence checking is very complicated, and if
> really necessary, might be implemented in a shared class instead of keytool.
>
>   
I agree with the current approach.  Just keep the keytool stupid. ;-)

Xuelei
>> Otherwise, looks fine to me.
>>
>>     
>
> Thanks
> Max
>
>   
>> Xuelei
>>     
>>>> Xuelei
>>>>
>>>> Max (Weijun) Wang wrote:
>>>>         
>>>>> Hi All
>>>>>
>>>>> Can you take a review of this RFE?
>>>>>
>>>>>  6780416: New keytool commands/options: -gencert, -printcertreq, -ext
>>>>>  bug: http://bugs.sun.com/view_bug.do?bug_id=6780416
>>>>>  webrev: http://hgrev.appspot.com/show?id=3077
>>>>>
>>>>> The spec of the 3 new commands/options is inside the evaluation
>>>>> section of the bug report.
>>>>>
>>>>> The fix is mainly on KeyTool.java, with changes in Resources.java
>>>>> for l10n strings. Some X.509 files are changed to provide new
>>>>> constructor, new constants etc. A new class
>>>>> SubjectInfoAccessExtension.java is created for the extension. The
>>>>> KeyToolTest.java regression test are updated to cover the new
>>>>> commands/options.
>>>>>
>>>>> If you find the webrev too long, you might only review a part of it.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>>
>>>>>           
>>>>

More information about the security-dev mailing list