RFR: 8257497: Key identifier compliance issue [v3]
Hai-May Chao
hchao at openjdk.java.net
Thu Feb 11 22:14:03 UTC 2021
On Thu, 11 Feb 2021 19:48:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> API used to get AKID
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1482:
>
>> 1480: byte[] signerSubjectKeyIdExt = ((X509Certificate)signerCert).getExtensionValue(
>> 1481: KnownOIDs.SubjectKeyID.value());
>> 1482:
>
> How about pass in the `KeyIdentifier` instead of `PublicKey akey` into the createV3Extensions method? And you can calculated with
> X509CertImpl impl;
> if (signerCert instanceof X509CertImpl) {
> impl = (X509CertImpl) signerCert;
> } else {
> impl = new X509CertImpl(signerCert.getEncoded());
> }
> impl.getSubjectKeyId();
Changed as suggested.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2343
More information about the security-dev
mailing list