RFR 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms
Weijun Wang
weijun.wang at oracle.com
Fri Feb 17 02:35:17 UTC 2017
On 02/15/2017 11:04 PM, Seán Coffey wrote:
> Hi Weijun,
>
> That's looks good to me and will be a big help for keytool usability.
>
> some thoughts :
>
> Main.java : in your printCRL method, would you consider editing the
> X509CRLImpl class to print with a customized string ? It'll make the
> code more resilient to future changes in this area
>
> i.e. something like this in X509CRLImpl :
>
> public String toString() { printCRL(null); }
> public String printCRL(String custom) {
> // transfer the toString() code to here
> // and allow for 'custom' string to be injected if non-null
> ..
> }
>
> in Main.java, I'd suggest an instanceof check for X509CRLImpl before
> calling printCRL(..). Could X509CRL.getSigAlgName() then be used for
> passing into the withWeak method call ?
I can probably pass DISABLED_CHECK into this new printCRL() method. Will
try.
>
> ===
>
> Also in Main.java, maybe you could reduce
> printWeakWarningsWithoutNewLine and printWeakWarnings() to one method -
> e.g. printWeakWarnings(boolean newline)
Good idea.
Thanks
Max
More information about the security-dev
mailing list