RFR: 8292033: Move jdk.X509Certificate event logic to JCA layer [v4]
Sean Coffey
coffeys at openjdk.org
Thu Nov 3 23:11:28 UTC 2022
On Thu, 3 Nov 2022 17:40:53 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 21 commits:
>>
>> - code clean up
>> - funnel cert events via generateCertificate only
>> - Revert use of x509 constructor helper in some areas. Clean up tests
>> - modules fix up in test
>> - Capture CertAndKeyGen certs
>> - import clean up
>> - Copyright year update
>> - Merge branch 'master' into 8292033-x509Event
>> - record events for internal constructor calls. Expand testing
>> - Use X500Principal#toString()
>> - ... and 11 more: https://git.openjdk.org/jdk/compare/cf5546b3...f430a3ee
>
> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 289:
>
>> 287: public X509CertImpl(X509CertInfo certInfo) {
>> 288: this.info = certInfo;
>> 289: JCAUtil.tryCommitCertEvent(this);
>
> Why do we need to record this as an event? This is an incomplete (unsigned) certificate.
Good point. This constructor is mainly used by keytool. Would it make sense if I committed the event after the cert details are signed?
-------------
PR: https://git.openjdk.org/jdk/pull/10422