RFR: 8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically [v7]
Sean Mullan
mullan at openjdk.org
Fri Aug 29 15:19:32 UTC 2025
On Fri, 29 Aug 2025 15:16:04 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
>> This PR updates the CertificateBuilder with a new method that creates a new instance with common fields (subject name, public key, serial number, validity, and key uses) filled-in. One test, IPIdentities.java, is updated to show how the method can be used to create various certificates. I attached screenshots that compare the old hard-coded certificates (left) with the new generated certificates.
>>
>> 
>> 
>> 
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 16 commits:
>
> - Merge branch 'master' into certbuilder
> - changed keystore to PKCS12 and remove key initialization
> - added new method, setOneHourValidity(), and removed it from the static method.
> - Merge branch 'master' into certbuilder
> - fixed redundant setNotAfter() calls. One of them should have been setNotBefore
> - Merge branch 'master' into certbuilder
> - expanded wildcard imports
> - Merge branch 'master' into certbuilder
> - Merge branch 'master' into certbuilder
> - reversed order of DN strings when making certificates.
> - ... and 6 more: https://git.openjdk.org/jdk/compare/452b052f...98ae3e4b
Marked as reviewed by mullan (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/23700#pullrequestreview-3169128309
More information about the security-dev
mailing list