RFR: 8262186: Callback semantics of the method X509KeyManager.chooseClientAlias(...)
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Fri Aug 27 04:00:29 UTC 2021
On Wed, 25 Aug 2021 19:00:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> This code change collects all key types and runs `chooseClientAlias` only once.
src/java.base/share/classes/sun/security/ssl/X509Authentications.java line 37:
> 35: import javax.net.ssl.X509ExtendedKeyManager;
> 36:
> 37: class X509Authentications implements SSLAuthentication {
It is a little bit strange to me as this implements SSLAuthentication. There are a few other methods are not implemented in this class. As it can only be used for certificate selection and thus it is not necessary to implement other methods in the SSLAuthentication interface.
It may be more compact to move createPossession() method to X509Authentication.java, and declare it as a static method with an additional parameter.
static SSLPossession createPossession(HandshakeContext context, String[] keyTypes) {
...
}
Then, this class file could be merged into X509Authentication.java.
test/jdk/sun/security/ssl/SSLContextImpl/MultipleChooseAlias.java line 99:
> 97: public MyKMF() {
> 98: try {
> 99: fac = KeyManagerFactory.getInstance("SunX509");
Would you please checking both "SunX509" and "PKIX" key manager?
-------------
PR: https://git.openjdk.java.net/jdk/pull/5257
More information about the security-dev
mailing list