RFR: 8257497: Key identifier compliance issue [v3]
Weijun Wang
weijun at openjdk.java.net
Thu Feb 11 19:52:43 UTC 2021
On Thu, 11 Feb 2021 01:01:56 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> This change is made for compliance with RFC 5280 section 4.2.1.1 for Authority Key Identifier extension.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> API used to get AKID
src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1482:
> 1480: byte[] signerSubjectKeyIdExt = ((X509Certificate)signerCert).getExtensionValue(
> 1481: KnownOIDs.SubjectKeyID.value());
> 1482:
How about pass in the `KeyIdentifier` instead of `PublicKey akey` into the createV3Extensions method? And you can calculated with
X509CertImpl impl;
if (signerCert instanceof X509CertImpl) {
impl = (X509CertImpl) signerCert;
} else {
impl = new X509CertImpl(signerCert.getEncoded());
}
impl.getSubjectKeyId();
-------------
PR: https://git.openjdk.java.net/jdk/pull/2343
More information about the security-dev
mailing list