RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v3]
Hai-May Chao
hchao at openjdk.java.net
Thu Apr 1 20:37:55 UTC 2021
On Thu, 1 Apr 2021 16:49:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Not sure the reason why a change is needed for the existing logic.
>
> With a signer, it makes no sense to create a single-cert array at the beginning. I am suggesting:
>
>     X509Certificate newCert = keypair.getSelfCertificate(...);
>     Certificate[] finalChain;
>     if (signerFlag) {
>         finalChain = new ...
>         finalChain[0] = newCert;
>     } else {
>         finalChain = new Certificate[] { newCert };
>     }
>     keyStore.setEntry(..., finalChain);

Done.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3281