RFR: 8257497: Key identifier compliance issue [v2]
Weijun Wang
weijun at openjdk.java.net
Wed Feb 10 23:28:39 UTC 2021
On Wed, 10 Feb 2021 23:07:51 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> test/jdk/sun/security/tools/keytool/CheckCertAKID.java line 69:
>>
>>> 67: .shouldContain("0000: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15")
>>> 68: .shouldContain("0010: 16 17 18 19")
>>> 69: .shouldHaveExitValue(0);
>>
>> Or you can directly read the certificate and look at its extensions using some API.
>
> The current method serves the need to verify the accuracy of the AKID for this PR, and it looks straightforward to perceive I think. The API such as cert.getExtensionValue(KnownOIDs.AuthorityKeyID.value()), and new DerValue to getOctetString() could also be used.
The 3 `shouldContain` lines cannot prove they appear in that order.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2343
More information about the security-dev
mailing list