RFR: 8292033: Move jdk.X509Certificate event logic to JCA layer [v7]
Sean Coffey
coffeys at openjdk.org
Wed Nov 9 21:14:08 UTC 2022
> By moving the JFR event up to the java.security.cert.CertificateFactory class, we can record all generate cert events, including those from 3rd party providers. I've also altered the logic so that an event is genertate for every generate cert call (not just ones missing from the JDK provider implementation cache)
>
> test case also updated to capture new logic
Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 26 commits:
- revert recording events in keytool
- Merge with master
- Merge branch 'master' into 8292033-x509Event
- Don't record certs directly from CertAndGen/keytool
- Further code review comments and new keytool test coverage with JFR
- code clean up
- funnel cert events via generateCertificate only
- Revert use of x509 constructor helper in some areas. Clean up tests
- modules fix up in test
- Capture CertAndKeyGen certs
- ... and 16 more: https://git.openjdk.org/jdk/compare/d4376f8b...d6faa84a
-------------
Changes: https://git.openjdk.org/jdk/pull/10422/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10422&range=06
Stats: 237 lines in 12 files changed: 151 ins; 53 del; 33 mod
Patch: https://git.openjdk.org/jdk/pull/10422.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/10422/head:pull/10422
PR: https://git.openjdk.org/jdk/pull/10422
More information about the security-dev
mailing list