RFR: 8262186: Callback semantics of the method X509KeyManager.chooseClientAlias(...)

Weijun Wang weijun at openjdk.java.net
Fri Aug 27 13:40:29 UTC 2021


On Fri, 27 Aug 2021 03:55:56 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This code change collects all key types and runs `chooseClientAlias` only once.
>
> src/java.base/share/classes/sun/security/ssl/X509Authentications.java line 37:
> 
>> 35: import javax.net.ssl.X509ExtendedKeyManager;
>> 36: 
>> 37: class X509Authentications implements SSLAuthentication {
> 
> It is a little bit strange to me as this implements SSLAuthentication.  There are a few other methods that are not implemented in this class.  It can only be used for certificate selection, and thus it is not necessary to implement the other methods in the SSLAuthentication interface.
> 
> It may be more compact to move createPossession() method to X509Authentication.java, and declare it as a static method with an additional parameter.
> 
> 
> static SSLPossession createPossession(HandshakeContext context, String[] keyTypes) {
>     ...
> }
> 
>  
> Then, this class file could be merged into X509Authentication.java.

You're right. I'll fix it.

> test/jdk/sun/security/ssl/SSLContextImpl/MultipleChooseAlias.java line 99:
> 
>> 97:         public MyKMF() {
>> 98:             try {
>> 99:                 fac = KeyManagerFactory.getInstance("SunX509");
> 
> Would you please check both the "SunX509" and "PKIX" key managers?

Sure, I'll make it 2 `@run`s.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257
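
Added example, not part of this thread or of the JDK change: a delegating key manager that records the `keyType` array of each client-alias callback, so an application can observe how often the callback fires and with which key types for both the "SunX509" and "PKIX" key managers. `RecordingKeyManager` is a hypothetical name, the key store is a constructed empty one, and the direct call in `main` stands in for a handshake; in real use the wrapper is passed to `SSLContext.init`.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

// Hypothetical helper (not JDK code): delegates to a real key manager and
// records the keyType array passed to every client-alias callback.
public class RecordingKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    final List<String> calls = new ArrayList<>();
    RecordingKeyManager(X509ExtendedKeyManager delegate) { this.delegate = delegate; }

    @Override   // used for SSLSocket connections
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        calls.add(Arrays.toString(keyType));
        return delegate.chooseClientAlias(keyType, issuers, socket);
    }
    @Override   // used for SSLEngine connections
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine e) {
        calls.add(Arrays.toString(keyType));
        return delegate.chooseEngineClientAlias(keyType, issuers, e);
    }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                       // constructed: empty key store
        for (String alg : new String[] {"SunX509", "PKIX"}) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
            kmf.init(ks, new char[0]);
            RecordingKeyManager km = new RecordingKeyManager(
                    (X509ExtendedKeyManager) kmf.getKeyManagers()[0]);
            // Stand-in for the handshake: one callback carrying every key type.
            String alias = km.chooseClientAlias(new String[] {"RSA", "EC"}, null, null);
            System.out.println(alg + ": alias=" + alias + " calls=" + km.calls);
        }
    }
}
```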


