RFR: 8257497: Key identifier compliance issue [v2]
Hai-May Chao
hchao at openjdk.java.net
Wed Feb 10 23:10:41 UTC 2021
On Wed, 10 Feb 2021 22:41:26 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Test case added and not overriding -ext fix
>
> test/jdk/sun/security/tools/keytool/CheckCertAKID.java line 69:
>
>> 67: .shouldContain("0000: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15")
>> 68: .shouldContain("0010: 16 17 18 19")
>> 69: .shouldHaveExitValue(0);
>
> Or you can directly read the certificate and look at its extensions using some API.
The current method serves the need to verify the accuracy of the AKID for this PR, and it looks straightforward to perceive I think. The API such as cert.getExtensionValue(KnownOIDs.AuthorityKeyID.value()), and new DerValue to getOctetString() could also be used.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2343
More information about the security-dev
mailing list