RFR: 8257497: Key identifier compliance issue [v3]

Hai-May Chao hchao at openjdk.java.net
Thu Feb 11 22:14:03 UTC 2021


On Thu, 11 Feb 2021 19:48:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   API used to get AKID
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1482:
> 
>> 1480:         byte[] signerSubjectKeyIdExt = ((X509Certificate)signerCert).getExtensionValue(
>> 1481:                 KnownOIDs.SubjectKeyID.value());
>> 1482: 
> 
> How about pass in the `KeyIdentifier` instead of `PublicKey akey` into the createV3Extensions method? And you can calculated with
>         X509CertImpl impl;
>         if (signerCert instanceof X509CertImpl) {
>             impl = (X509CertImpl) signerCert;
>         } else {
>             impl = new X509CertImpl(signerCert.getEncoded());
>         }
>         impl.getSubjectKeyId();

Changed as suggested.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2343



More information about the security-dev mailing list