RFR: 8296901: Do not create unsigned certificate and CRL [v3]

Weijun Wang weijun at openjdk.org
Wed Nov 16 13:21:49 UTC 2022


> Instead if creating an "unsigned" `X509CertImpl` with only an `X509CertInfo` inside, a new static method `signNew` is introduced to create a newly signed certificate from an `X509CertInfo` object and a `PrivateKey`. Thus make sure an `X509CertImpl` is always signed and there is no read to keep its `readOnly` flag.
> 
> The same for `X509CRLImpl`. A new inner class `TBSCertList` is added which is equivalent to `X509CertInfo` inside `X509CertImpl`.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  one extra space

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11151/files
  - new: https://git.openjdk.org/jdk/pull/11151/files/3d031083..056daf5c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11151&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11151&range=01-02

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11151.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11151/head:pull/11151

PR: https://git.openjdk.org/jdk/pull/11151



More information about the security-dev mailing list