RFR 8058778: New APIs for some keytool functions

Sean Mullan sean.mullan at oracle.com
Tue Dec 15 15:53:45 UTC 2015


On 12/03/2015 09:07 PM, Wang Weijun wrote:
> Or if this is too much, we can at least do the X509Extension part. If
> CertificateRequest is needed one day, we can create a new method
> Builder.certificateRequest() that returns it and deprecate the
> current request() method.
>
> Or use certificateRequest() to return byte[] and save request() for
> the future. :-)

I agree with this approach. I like the idea of moving the creation of 
Extensions to X509Extension so that they could be used independently of 
the X509Certificate.Builder API. Let's defer a CertificateRequest API 
for later.

--Sean

>
> --Max
>
>> On Dec 3, 2015, at 8:21 PM, larry mccay <larry.mccay at gmail.com>
>> wrote:
>>
>> +1 :)
>>
>> On Thu, Dec 3, 2015 at 3:31 AM, Wang Weijun
>> <weijun.wang at oracle.com> wrote: I tried.
>>
>> It's quite easy to move the new X509CertificateBuilder class into
>> java.security.cert.X509Certificate as an inner class, but I still
>> want to make Extension and CertificateRequest better.
>
> ...
>
>>
>> All these sound straightforward, worth doing?
>>
>> Thanks Max
>>
>>
>>
>


More information about the security-dev mailing list