RFR: 8257497: Key identifier compliance issue [v2]

Hai-May Chao hchao at openjdk.java.net
Thu Feb 11 01:13:38 UTC 2021

On Wed, 10 Feb 2021 23:25:45 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> The current method serves the need to verify the accuracy of the AKID for this PR, and it looks straightforward to perceive I think. The API such as cert.getExtensionValue(KnownOIDs.AuthorityKeyID.value()), and new DerValue to getOctetString() could also be used.
> The 3 `shouldContain` lines cannot prove they appear in that order.

These lines are from the output of the keytool -printcert command. If there may be a problem with the ordering, it would be worth the effort to look into -printcert. I've changed to use APIs to ease the ordering concern.


PR: https://git.openjdk.java.net/jdk/pull/2343

More information about the security-dev mailing list