RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v2]
Weijun Wang
weijun at openjdk.java.net
Thu Apr 1 17:07:35 UTC 2021
On Thu, 1 Apr 2021 16:34:43 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Please review the changes that adds the -signer option to keytool -genkeypair command. As key agreement algorithms do not have a signing algorithm, the specified signer's private key will be used to sign and generate a key agreement certificate.
>> CSR review is at: https://bugs.openjdk.java.net/browse/JDK-8264325
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Updated with review comments
src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java line 132:
> 130: if (signerPrivateKey != null) {
> 131: this.signerFlag = true;
> 132: }
If you make this line `this.sigerFlag = signerPrivateKey != null`, then we can make most field final.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3281
More information about the security-dev
mailing list