RFR: 8292033: Move jdk.X509Certificate event logic to JCA layer [v5]

Sean Mullan mullan at openjdk.org
Tue Nov 8 16:26:20 UTC 2022


On Fri, 4 Nov 2022 15:58:01 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> By moving the JFR event up to the java.security.cert.CertificateFactory class, we can record all generate cert events, including those from 3rd party providers. I've also altered the logic so that an event is generated for every generate cert call (not just ones missing from the JDK provider implementation cache).
>> 
>> test case also updated to capture new logic
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Further code review comments and new keytool test coverage with JFR

> 

My vote would be to leave it out. `keytool` already emits warnings when weak algorithms are used. It seems we both agree that few users will likely enable JFR on `keytool`. We could always add these events later, but it is harder to remove them once they are in there.

-------------

PR: https://git.openjdk.org/jdk/pull/10422

