Wang Weijun weijun.wang at oracle.com
Tue Mar 31 03:57:31 UTC 2015

Hi Sean

Are you OK with this?

> CertificateExtensions.java
> ==========================
> Since we don't use names as keys, CertificateExtensions is not a typical CertAttrSet now. Remove the implements clause.

Almost every class in the x509 package is built around the CertAttrSet and they together weave an elegant net. It will be nice if CertificateExtensions can only use the hierarchical names as keys, but unfortunately, it has to use OID sometimes.

My suggestion above breaks it from the CertAttrSet net. I won't dare to do this before jdk9 because people outside might use these classes, but now it's probably safe to do so.

Said that, CertificateExtensions is now an alien. Although its sibling CRLExtensions has always been one.


More information about the security-dev mailing list