RFR 8058778: New APIs for creating certificates and certificate requests
Wang Weijun
weijun.wang at oracle.com
Sat Jan 9 00:57:36 UTC 2016
> On Jan 9, 2016, at 4:40 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 01/07/2016 10:38 PM, Wang Weijun wrote:
>>
>>> On Jan 8, 2016, at 6:06 AM, Sean Mullan <sean.mullan at oracle.com>
>>> wrote:
>
>>> * CertificateFactorySpi
>>>
>>> Need more details on how inStream is parsed.
>>
>> I thought a "@see CertificateFactory#generateCertificateRequest" is
>> enough. I did notice that
>> CertificateFactorySpi#engineGenerateCertificate copies all spec from
>> CertificateFactory#generateCertificate.
>
> I think if you specifically linked to that from the method description it would be sufficient, ex: "For details on how inStream is parsed, see ...", but an @see on its own is more like an FYI and does not imply that it is part of the specification.
I'll copy the text then, same with generateCertificate().
>
>>>
>>> 772 String getDefaultSigAlgName(PrivateKey key);
>>>
>>> This seems like it should just be a static utility method, and not
>>> something every subclass has to implement.
>>
>> But only the provider (X509Factory here) knows about the return
>> values, and another provider can return different values.
>
> Can you remind me why this needs to be a public method? Why can't this be an implementation detail when the caller doesn't specify a signature algorithm?
It allows a caller (maybe a GUI tool) to know what default values are.
> ful.
>
>> Or, we can do it like
>>
>> interface GeneralName { byte[] getEncoded(); }
>
> and an enum for the type and a getType method?
enum will be here. getType() is useful but not necessary.
Thanks
Max
>
>>
>> class X509Certificate.Builder { GeneralName newGeneralName(int/Enum
>> type, String svalue); GeneralName newGeneralName(int/Enum type,
>> byte[] value); }
>
> Ok.
>
> --Sean