RFR: 8296901: Do not create unsigned certificate and CRL [v3]
Sean Mullan
mullan at openjdk.org
Thu Nov 17 21:22:23 UTC 2022
On Wed, 16 Nov 2022 13:21:49 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Instead if creating an "unsigned" `X509CertImpl` with only an `X509CertInfo` inside, a new static method `signNew` is introduced to create a newly signed certificate from an `X509CertInfo` object and a `PrivateKey`. Thus make sure an `X509CertImpl` is always signed and there is no read to keep its `readOnly` flag.
>>
>> The same for `X509CRLImpl`. A new inner class `TBSCertList` is added which is equivalent to `X509CertInfo` inside `X509CertImpl`.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> one extra space
Wondering why you named the methods "signNew" instead of just "sign" which seems simpler to me.
Otherwise looks fine.
-------------
Marked as reviewed by mullan (Reviewer).
PR: https://git.openjdk.org/jdk/pull/11151
More information about the security-dev
mailing list