RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v3]

Hai-May Chao hchao at openjdk.java.net
Thu Apr 1 20:37:55 UTC 2021


On Thu, 1 Apr 2021 16:49:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Not sure the reason why a change is needed for the existing logic.
>
> With a signer, it makes no sense to create a single-cert array at the beginning. I am suggesting:
> X509Certificate newCert = keypair.getSelfCertificate(...);
> Certificate[] finalChain;
> if (signerFlag) {
>     finalChain = new ...
>     finalChain[0] = newCert;
> } else {
>     finalChain = new Certificate[] { newCert };
> }
> keyStore.setEntry(..., finalChain);

Done.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3281
