RFR: 8257497: Key identifier compliance issue [v5]

Sean Mullan mullan at openjdk.java.net
Tue Feb 16 18:45:44 UTC 2021


On Fri, 12 Feb 2021 20:42:03 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> This change is made for compliance with RFC 5280 section 4.2.1.1 for Authority Key Identifier extension.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Reduced one param to createV3Extensions

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1484:

> 1482: 
> 1483:         KeyIdentifier signerSubjectKeyId;
> 1484:         if (subjectPubKey.equals(issuerPubKey)) {

I think in most cases, this equality test will not work as there is no requirement for PublicKey to override Object.equals, so in most cases this will just check if they reference the same object. I suggest comparing the encoded bytes.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2343
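
Added example, not part of the original message or of the JDK change under review: it shows a `PublicKey` implementation that inherits `Object.equals` next to a comparison of the encoded bytes, as the review suggests. The names `OpaqueKey` and `sameKey` are hypothetical, and the extra format check and the null handling are assumptions of this sketch.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Objects;

public class PublicKeyCompare {
    // Hypothetical key class standing in for an implementation that does not
    // override equals(), so equals() falls back to reference identity.
    static final class OpaqueKey implements PublicKey {
        private final PublicKey inner;
        OpaqueKey(PublicKey inner) { this.inner = inner; }
        @Override public String getAlgorithm() { return inner.getAlgorithm(); }
        @Override public String getFormat() { return inner.getFormat(); }
        @Override public byte[] getEncoded() { return inner.getEncoded(); }
    }

    // Hypothetical helper: compares keys by encoding format and encoded bytes.
    static boolean sameKey(PublicKey a, PublicKey b) {
        if (a == b) return true;
        if (a == null || b == null) return false;
        byte[] ea = a.getEncoded();
        byte[] eb = b.getEncoded();
        // getEncoded() returns null when a key does not support encoding;
        // treat such keys as not comparable rather than as equal.
        if (ea == null || eb == null) return false;
        return Objects.equals(a.getFormat(), b.getFormat()) && Arrays.equals(ea, eb);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair first = kpg.generateKeyPair();
        KeyPair second = kpg.generateKeyPair();

        // Two distinct objects wrapping the same key material.
        PublicKey subject = new OpaqueKey(first.getPublic());
        PublicKey issuer = new OpaqueKey(first.getPublic());
        PublicKey other = new OpaqueKey(second.getPublic());

        System.out.println("equals(), same key material:  " + subject.equals(issuer));
        System.out.println("sameKey(), same key material: " + sameKey(subject, issuer));
        System.out.println("sameKey(), different keys:    " + sameKey(subject, other));
    }
}
```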


