RFR: 8257497: Key identifier compliance issue [v3]

Weijun Wang weijun at openjdk.java.net
Thu Feb 11 19:52:43 UTC 2021


On Thu, 11 Feb 2021 01:01:56 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> This change is made for compliance with RFC 5280 section 4.2.1.1 for Authority Key Identifier extension.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   API used to get AKID

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1482:

> 1480:         byte[] signerSubjectKeyIdExt = ((X509Certificate)signerCert).getExtensionValue(
> 1481:                 KnownOIDs.SubjectKeyID.value());
> 1482: 

How about pass in the `KeyIdentifier` instead of `PublicKey akey` into the createV3Extensions method? And you can calculated with
        X509CertImpl impl;
        if (signerCert instanceof X509CertImpl) {
            impl = (X509CertImpl) signerCert;
        } else {
            impl = new X509CertImpl(signerCert.getEncoded());
        }
        impl.getSubjectKeyId();

-------------

PR: https://git.openjdk.java.net/jdk/pull/2343



More information about the security-dev mailing list