RFR: 8339560: Unaddressed comments during code review of JDK-8337664
Fernando Guallini
fguallini at openjdk.org
Tue Sep 24 16:20:38 UTC 2024
On Tue, 24 Sep 2024 15:57:28 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> During the code review of [JDK-8337664](https://bugs.openjdk.org/browse/JDK-8337664), several non-critical comments were raised but not addressed due to time constraints. This PR includes the following changes:
>>
>> 1. Symantec and Entrust tests now reuse common code. The Distrust.java class contains this reusable code, making it easier to add new tests for distrusted roots in the future.
>> 2. In several instances where an Exception is thrown, it has been replaced with RuntimeException.
>> 3. Many Symantec test certs have already expired. To properly test the distrusted scenario, this change wraps the intermediate and root CA certs in NonExpiringTLSServerCert, which does not validate expiration.
>> 4. Package structure changed:
>> <img width="225" alt="image" src="https://github.com/user-attachments/assets/a8c8407e-edd3-47dd-84c0-19feb9da3c0f">
>
> test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Entrust.java line 34:
>
>> 32: * @summary Check that TLS Server certificates chaining back to distrusted
>> 33: * Entrust roots are invalid
>> 34: * @library /test/lib
>
> Do you need /test/lib anymore?
Yes, it won't compile otherwise because the helper class **Distrusts** still needs to import _jdk.test.lib.security.SecurityUtils_.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20944#discussion_r1773665306
More information about the security-dev
mailing list