RFR 8058778: New APIs for creating certificates and certificate requests

Wang Weijun weijun.wang at oracle.com
Sat Jan 9 00:57:36 UTC 2016


> On Jan 9, 2016, at 4:40 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 01/07/2016 10:38 PM, Wang Weijun wrote:
>> 
>>> On Jan 8, 2016, at 6:06 AM, Sean Mullan <sean.mullan at oracle.com>
>>> wrote:
> 
>>> * CertificateFactorySpi
>>> 
>>> Need more details on how inStream is parsed.
>> 
>> I thought a "@see CertificateFactory#generateCertificateRequest" is
>> enough. I did notice that
>> CertificateFactorySpi#engineGenerateCertificate copies all spec from
>> CertificateFactory#generateCertificate.
> 
> I think if you specifically linked to that from the method description it would be sufficient, ex: "For details on how inStream is parsed, see ...", but an @see on its own is more like an FYI and does not imply that it is part of the specification.

I'll copy the text then, same with generateCertificate().

> 
>>> 
>>> 772         String getDefaultSigAlgName(PrivateKey key);
>>> 
>>> This seems like it should just be a static utility method, and not
>>> something every subclass has to implement.
>> 
>> But only the provider (X509Factory here) knows about the return
>> values, and another provider can return different values.
> 
> Can you remind me why this needs to be a public method? Why can't this be an implementation detail when the caller doesn't specify a signature algorithm?

It allows a caller (maybe a GUI tool) to know what default values are.

> ful.
> 
>> Or, we can do it like
>> 
>> interface GeneralName { byte[] getEncoded(); }
> 
> and an enum for the type and a getType method?

enum will be here. getType() is useful but not necessary.

Thanks
Max

> 
>> 
>> class X509Certificate.Builder { GeneralName newGeneralName(int/Enum
>> type, String svalue); GeneralName newGeneralName(int/Enum type,
>> byte[] value); }
> 
> Ok.
> 
> --Sean



