RFR: 8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically [v7]
Matthew Donovan
mdonovan at openjdk.org
Fri Aug 29 15:19:32 UTC 2025
> This PR updates the CertificateBuilder with a new method that creates a new instance with common fields (subject name, public key, serial number, validity, and key uses) filled-in. One test, IPIdentities.java, is updated to show how the method can be used to create various certificates. I attached screenshots that compare the old hard-coded certificates (left) with the new generated certificates.
>
> 
> 
> 
Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 16 commits:
- Merge branch 'master' into certbuilder
- changed keystore to PKCS12 and remove key initialization
- added new method, setOneHourValidity(), and removed it from the static method.
- Merge branch 'master' into certbuilder
- fixed redundant setNotAfter() calls. One of them should have been setNotBefore
- Merge branch 'master' into certbuilder
- expanded wildcard imports
- Merge branch 'master' into certbuilder
- Merge branch 'master' into certbuilder
- reversed order of DN strings when making certificates.
- ... and 6 more: https://git.openjdk.org/jdk/compare/452b052f...98ae3e4b
-------------
Changes: https://git.openjdk.org/jdk/pull/23700/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23700&range=06
Stats: 771 lines in 3 files changed: 163 ins; 565 del; 43 mod
Patch: https://git.openjdk.org/jdk/pull/23700.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/23700/head:pull/23700
PR: https://git.openjdk.org/jdk/pull/23700
More information about the security-dev
mailing list