Add check on `xpointer(id('name'))` format.
-
Commit messages:
- 8278186: throw StringIndexOutOfBoundsException when calling substring method
Changes: https://git.openjdk.java.net/jdk18/pull/1/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk18&pr=1&range=00
Issue: https:/
On Tue, 7 Dec 2021 07:14:53 GMT, Alan Bateman wrote:
> Is there a test for this? (I see noreg-trivial is added but a test should be
> easy to add).
I can add one, just thought it's not necessary. I didn't say noreg-hard. :-)
-
PR: https://git.openjdk.java.net/jdk/pull/6728
On Tue, 7 Dec 2021 00:08:03 GMT, Valerie Peng wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
>> line 405:
>>
>>> 403: private void cancelOperation() {
>>> 404: // cancel operation by finishing it; avoid killSession as some
>>> 405: //
On Mon, 6 Dec 2021 22:22:14 GMT, Weijun Wang wrote:
> Add null check. I must have thought the NPE will be thrown anyway but the
> `catch Exception` block swallows it.
>
> I added a noreg-trivial label. If you think differently can add one.
This pull request has now been integrated
Add null check. I must have thought the NPE will be thrown anyway but the
`catch Exception` block swallows it.
I added a noreg-trivial label. If you think differently can add one.
-
Commit messages:
- 8277932: Subject:callAs() not throwing NPE when action is null
Changes: https://
On Wed, 1 Dec 2021 17:31:37 GMT, Weijun Wang wrote:
> Import Apache Santuario 2.3.0 without the secure validation changes since in
> OpenJDK we are using the `jdk.xml.dsig.secureValidationPolicy` security
> property for XML Signature secure validation protection.
>
> Two com
On Fri, 3 Dec 2021 06:14:49 GMT, Sibabrata Sahoo wrote:
>> This Test gets timeout during low cpu availability. It is modified to
>> support extended timeout period during JTREG execution.
>
> Sibabrata Sahoo has updated the pull request incrementally with one
> additional commit since the last
On Wed, 1 Dec 2021 21:42:51 GMT, Valerie Peng wrote:
> PKCS#11 v3.0 adds the support for several new APIs. For this particular RFE,
> it enhances SunPKCS11 provider to load PKCS#11 provider by first trying the
> C_GetInterface (new in 3.0) before the C_GetFunctionList assuming not
> explicitly
On Fri, 3 Dec 2021 19:36:51 GMT, Weijun Wang wrote:
> The specification wrongly claims there could be an exception thrown, but it's
> not true.
This pull request has now been integrated.
Changeset: e1cde19d
Author:Weijun Wang
URL:
https://git.openjdk.java.net
The specification wrongly claims there could be an exception thrown, but it's
not true.
-
Commit messages:
- 8278247: KeyStoreSpi::engineGetAttributes does not throws KeyStoreException
Changes: https://git.openjdk.java.net/jdk/pull/6706/files
Webrev: https://webrevs.openjdk.java.n
On Wed, 20 Oct 2021 02:08:24 GMT, Weijun Wang wrote:
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
This pull reques
de changes
> - revert: revert the Santuario secure validation changes
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
update comment
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/6644/files
- new: https://git.o
On Thu, 2 Dec 2021 01:20:30 GMT, Valerie Peng wrote:
> Can someone help reviewing this trivial one-line fix? The assert check in
> CK_MECHANISM.java is too strict and fail unexpectedly when digest-specific
> PSS signature mechanisms are supported by the underlying PKCS#11 library. The
> fix is
On Wed, 1 Dec 2021 19:29:36 GMT, Sibabrata Sahoo wrote:
> > Can you lower the `threadsFactor` or `duration`? Or set an upper limit for
> > `nTasks`?
>
> I can reduce the threadFactor and duration to close to half(threadsFactor=2
> and duration=2 Or hardcode nTasks=20) and i think there still w
Import Apache Santuario 2.3.0 without the secure validation changes since in
OpenJDK we are using the `jdk.xml.dsig.secureValidationPolicy` security
property for XML Signature secure validation protection.
Two commits are pushed:
- 2.3.0: Import 2.3.0 code changes
- revert: revert the Santuario
Update Public Suffix List data to the latest version at
https://github.com/publicsuffix/list.
-
Commit messages:
- 8255266: 2021-11-27 public suffix list update v 3c213aa
Changes: https://git.openjdk.java.net/jdk/pull/6643/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&p
On Wed, 1 Dec 2021 06:26:58 GMT, Sibabrata Sahoo wrote:
> This Test gets timeout during low cpu availability. It is modified to support
> extended timeout period during JTREG execution.
Can you lower the `threadsFactor` or `duration`? Or set an upper limit for
`nTasks`?
-
PR: htt
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
Weijun Wang has updated the pull request with a new target base due t
On Thu, 4 Nov 2021 19:34:50 GMT, Weijun Wang wrote:
>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
>> without retrieving the entry first. This is especially useful for a private
>> key entry which can only be retrieved with a password.
&
On Thu, 14 Oct 2021 14:43:32 GMT, Weijun Wang wrote:
> You can create a password-less PKCS12 KeyStore file now by calling
> `ks.store(outStream, null)` no matter what the default cert protection
> algorithm and Mac algorithm are defined in `java.security`.
>
> Note: the system
On Wed, 24 Nov 2021 21:17:34 GMT, Valerie Peng wrote:
>> It is observed that when running crypto benchmark with large number of
>> threads, a lot of time is spent on the synchronized block inside the
>> Provider.getService() method. The cause for this is that
>> Provider.getService() method fi
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a
On Wed, 24 Nov 2021 21:17:34 GMT, Valerie Peng wrote:
>> It is observed that when running crypto benchmark with large number of
>> threads, a lot of time is spent on the synchronized block inside the
>> Provider.getService() method. The cause for this is that
>> Provider.getService() method fi
On Tue, 30 Nov 2021 02:40:22 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/java/security/Provider.java line 832:
>>
>>> 830: // NOTE: may need extra mechanism for providers to indicate their
>>> 831: // preferred ordering of SecureRandom algorithms since registration
>>> 832:
On Tue, 30 Nov 2021 02:47:45 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/java/security/Provider.java line 979:
>>
>>> 977: parseLegacy(sk, sv, OPType.REPLACE);
>>> 978: }
>>> 979: }
>>
>> If you are going through all the entries, should we also cl
On Wed, 24 Nov 2021 21:17:34 GMT, Valerie Peng wrote:
>> It is observed that when running crypto benchmark with large number of
>> threads, a lot of time is spent on the synchronized block inside the
>> Provider.getService() method. The cause for this is that
>> Provider.getService() method fi
On Mon, 22 Nov 2021 21:26:05 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> some word changes
>
> src/java.security.jgss/share/classes/sun/security/krb5/Credent
s
> the actual fix to this issue, i.e. ignore the flag and retry another KDC.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
some word changes
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/6082/files
- n
On Wed, 17 Nov 2021 14:06:00 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weij
On Thu, 28 Oct 2021 19:21:02 GMT, Martin Balao wrote:
> * The names 'second' and 'secondTicket' -that were used before- don't look
> ideal to me. I've not seen them used neither in RFC 4120 nor in MS-SFU
> (v.20.0). In the case of 'additionalTickets', it's defined in RFC 4120 but
> more from a
On Fri, 19 Nov 2021 23:34:11 GMT, Valerie Peng wrote:
>> The S4U2proxy extension requires that the service ticket to the first
>> service has the forwardable flag set, but some versions of Windows Server do
>> not set the forwardable flag in a S4U2self response and accept it in a
>> S4U2proxy
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a
On Mon, 1 Nov 2021 14:42:32 GMT, Martin Balao wrote:
> But the question that concerns me most is if we really want to make such a
> tight check, or we are willing to forward everything.
Alexey said their customer has at least 50 KDCs. It will be quite a waste of
time if we go through each of t
The S4U2proxy extension requires that the service ticket to the first service
has the forwardable flag set, but some versions of Windows Server do not set
the forwardable flag in a S4U2self response and accept it in a S4U2proxy
request.
There are 2 commits now. The 1st is a refactoring that sen
On Thu, 18 Nov 2021 15:03:33 GMT, Sean Mullan wrote:
>> We should, but the problem is that jarsigner needs to individually test each
>> algorithm, so it can properly display which algorithm is restricted. So, I
>> think it will need to parse the RSSASSA params itself, and then call the
>> cons
On Tue, 16 Nov 2021 18:10:04 GMT, Sean Mullan wrote:
>> When a signature/digest algorithm was being checked, the algorithm
>> constraints checked both the signature/digest algorithm and the key to see
>> if they were restricted. This caused duplicate checks and was also
>> problematic for `jar
On Tue, 16 Nov 2021 19:36:11 GMT, Weijun Wang wrote:
> There is no need to check for the KeyUsage extension when validating a TSA
> certificate.
>
> A test is modified where a TSA cert has a KeyUsage but without the
> DigitalSignature bit.
This pull request has now
On Wed, 17 Nov 2021 17:16:38 GMT, Sean Coffey wrote:
>> Some elements of the PKCS9Attribute.PKCS9_OIDS array may have null value.
>> The PKCS9Attributes.toString() and PKCS9Attributes.getAttributes() methods
>> need to account for that.
>
> Sean Coffey has updated the pull request incrementally
On Wed, 17 Nov 2021 16:00:04 GMT, Sean Coffey wrote:
> Some elements of the PKCS9Attribute.PKCS9_OIDS array may have null value. The
> PKCS9Attributes.toString() and PKCS9Attributes.getAttributes() methods need
> to account for that.
test/jdk/sun/security/x509/AlgorithmId/NonStandardNames.java
On Wed, 17 Nov 2021 14:16:26 GMT, Sean Mullan wrote:
> Can you change the synopsis of the bug to more accurately reflect the current
> fix?
Updated. Thanks.
-
PR: https://git.openjdk.java.net/jdk/pull/6416
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weij
> There is no need to check for the KeyUsage extension when validating a TSA
> certificate.
>
> A test is modified where a TSA cert has a KeyUsage but without the
> DigitalSignature bit.
Weijun Wang has updated the pull request incrementally with one additional
commit since th
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weij
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weij
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weij
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weij
> There is no need to check for the KeyUsage extension when validating a TSA
> certificate.
>
> A test is modified where a TSA cert has a KeyUsage but without the
> DigitalSignature bit.
Weijun Wang has updated the pull request incrementally with one additional
commit since th
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but without the
DigitalSignature bit.
-
Commit messages:
- 8277246: No need to check about KeyUsage when validating a TSA certificate
Changes
On Mon, 8 Nov 2021 14:04:15 GMT, Sean Mullan wrote:
> When a signature/digest algorithm was being checked, the algorithm
> constraints checked both the signature/digest algorithm and the key to see if
> they were restricted. This caused duplicate checks and was also problematic
> for `jarsigne
On Thu, 5 Aug 2021 20:10:44 GMT, Weijun Wang wrote:
> New `Subject` APIs `current()` and `callAs()` are created to be replacements
> of `getSubject()` and `doAs()` since the latter two methods are now
> deprecated for removal.
>
> In this implementation, by default, `current
On Tue, 9 Nov 2021 14:23:54 GMT, Weijun Wang wrote:
> The test was added in JDK-8237218 to confirm that Java impl is used when
> verifying a signature. It is useless now since the native implementation is
> completely removed.
This pull request has now been integrated.
Changeset:
The test was added in JDK-8237218 to confirm that Java impl is used when
verifying a signature. It is useless now since the native implementation is
completely removed.
-
Commit messages:
- 8276863: Remove test/jdk/sun/security/ec/ECDSAJavaVerify.java
Changes: https://git.openjdk.
On Thu, 4 Nov 2021 22:11:41 GMT, Weijun Wang wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, b
On Thu, 4 Nov 2021 22:11:41 GMT, Weijun Wang wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, b
gt; `AccessControlContext` inside the call inherits the subject from the outer
> one.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
tiny spec change to be the same as CSR
-
Changes:
- all: https://git.openjdk.java
On Wed, 3 Nov 2021 14:18:38 GMT, Weijun Wang wrote:
>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
>> without retrieving the entry first. This is especially useful for a private
>> key entry which can only be retrieved with a password.
&
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
Weijun Wang has updated the pull request incrementally with one a
On Thu, 4 Nov 2021 13:21:19 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> more clear and precise spec
>
> src/java.base/share/classes/java/security/KeySt
rts` must
> be retained (at the moment) because the tool is launched with BOOT_JDK.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
same spec in SPI
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5950/fi
On Tue, 2 Nov 2021 15:18:10 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> clarification on protected attributes
>
> src/java.base/share/classes/java/security/KeySt
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
Weijun Wang has updated the pull request incrementally with one a
On Tue, 2 Nov 2021 20:39:47 GMT, Florent Guillaume
wrote:
>> Larry-N has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review notes
>
> Could the original JDK-8230297 be closed as a duplicate please?
@efge Closed. Thanks for remi
On Thu, 28 Oct 2021 21:13:40 GMT, Hai-May Chao wrote:
>> This change does a few improvements to the output of `keytool -printcert
>> -jarfile` command to help readability and diagnosis.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revis
On Thu, 28 Oct 2021 17:21:42 GMT, Weijun Wang wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, b
On Thu, 28 Oct 2021 18:55:32 GMT, Larry-N wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significantly,
>> especially in a
On Wed, 27 Oct 2021 20:08:34 GMT, Larry-N wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significantly,
>> especially in a
On Thu, 28 Oct 2021 17:31:26 GMT, Larry-N wrote:
> Thank you for the explanations. When I cleaned up the working directory all
> pass ok. ( And fails when I submitted the test a second time)
Let's hope the directory is always clean when the test is actually launched. I
have no other comments.
On Thu, 28 Oct 2021 17:42:28 GMT, Larry-N wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significantly,
>> especially in a
On Thu, 28 Oct 2021 16:17:44 GMT, Hai-May Chao wrote:
>> This change does a few improvements to the output of `keytool -printcert
>> -jarfile` command to help readability and diagnosis.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revis
On Thu, 28 Oct 2021 17:21:42 GMT, Weijun Wang wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, b
gt; `AccessControlContext` inside the call inherits the subject from the outer
> one.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
more spec tweaks
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5024/files
On Thu, 28 Oct 2021 13:51:01 GMT, Sean Mullan wrote:
>> I wonder if someone will interpret this as "after I've called `getEntry` on
>> a private key, I can get the encrypted attributes through
>> `KeyStore::getAttributes`". How about something like "and only available
>> through the {@link Key
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
Weijun Wang has updated the pull request incrementally with one a
On Wed, 27 Oct 2021 20:08:34 GMT, Larry-N wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significantly,
>> especially in a
On Wed, 27 Oct 2021 19:40:16 GMT, Sean Mullan wrote:
>> This is complicated. Theoretically a KeyStore implementation can store some
>> attributes in clear text and some encrypted, and it's probably not possible
>> to know if there exist any encrypted ones before actually decrypting the
>> entr
On Wed, 27 Oct 2021 18:43:41 GMT, Larry-N wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significantly,
>> especially in a
rts` must
> be retained (at the moment) because the tool is launched with BOOT_JDK.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
spec change
only in patch2:
unchanged:
-
Changes:
- all: https://git.openjdk.java
On Wed, 27 Oct 2021 16:32:48 GMT, Hai-May Chao wrote:
>> This change does a few improvements to the output of `keytool -printcert
>> -jarfile` command to help readability and diagnosis.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revis
On Sat, 23 Oct 2021 00:40:39 GMT, Weijun Wang wrote:
>> New `Subject` APIs `current()` and `callAs()` are created to be replacements
>> of `getSubject()` and `doAs()` since the latter two methods are now
>> deprecated for removal.
>>
>> In this implementation, b
gt; `AccessControlContext` inside the call inherits the subject from the outer
> one.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
address comments from Sean and Bernd
-
Changes:
- all: https://git.openjdk.java.net/
On Wed, 27 Oct 2021 12:46:57 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renames
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 324:
&g
On Mon, 25 Oct 2021 20:02:14 GMT, Bernd wrote:
>> Oh, it's needed. Otherwise the `AccessController.getContext()` call (which
>> is inside `current()`) will also be called in a clean privileged context and
>> there is no subject associated with it.
>>
>> On the other hand, it still needs to in
On Wed, 27 Oct 2021 13:49:18 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/javax/security/auth/Subject.java line 296:
>>
>>> 294: * which is equivalent to
>>> 295: * {@code Subject.getSubject(AccessController.getContext())}
>>> 296: * by default in this
On Mon, 25 Oct 2021 19:52:06 GMT, Bernd wrote:
>> Sure, I can. I was testing the default value to "false" at some time and
>> found `"true".equals` and `!"false".equals` symmetric and good-looking. :-)
>
> It probably doesn’t matter to have the Logic centralized, just looked a bit
> hardcoded (
On Wed, 27 Oct 2021 13:06:54 GMT, Larry-N wrote:
>> This fix adds a cache of service provider classes to LoginContext (in
>> particular, it's a cache of LoginModules classes). The approach helps to
>> increase the performance of the LoginContext.login() method significantly,
>> especially in a
On Tue, 26 Oct 2021 22:37:02 GMT, Hai-May Chao wrote:
> This change does a few improvements to the output of `keytool -printcert
> -jarfile` command to help readability and diagnosis.
src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2878:
> 2876:
On Tue, 26 Oct 2021 19:35:42 GMT, Sean Mullan wrote:
>> The JDK implementation (as supplied by the "SUN" provider) of
>> `X509Certificate::getSubjectAlternativeNames` and
>> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
>> throwing a `CertificateParsingException` when
rts` must
> be retained (at the moment) because the tool is launched with BOOT_JDK.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
test update
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/5950/fi
On Tue, 26 Oct 2021 15:28:51 GMT, Sean Mullan wrote:
>> I was asking if `getIssuerAlternativeNameExtension` can throw the exception
>> if IAE exists but not parseable.
>
> Ok, I understand your comment now. I'm hesitant to change those methods to
> throw an exception because to be consistent al
On Mon, 25 Oct 2021 14:36:58 GMT, Sean Mullan wrote:
>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
>> without retrieving the entry first. This is especially useful for a private
>> key entry which can only be retrieved with a password.
>
> src/java.base/share/c
On Mon, 25 Oct 2021 14:34:57 GMT, Sean Mullan wrote:
>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
>> without retrieving the entry first. This is especially useful for a private
>> key entry which can only be retrieved with a password.
>
> src/java.base/share/c
On Sat, 23 Oct 2021 14:04:07 GMT, Andrey Turbanov wrote:
> Cleanup unused local variables. Looks like they are leftovers after
> refactoring.
src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java line 211:
> 209: AlgorithmParameterSpec keyParams = rsaKey.getParams();
> 210:
On Wed, 20 Oct 2021 18:06:39 GMT, Weijun Wang wrote:
> Support Cipher operations on CNG keys.
This pull request has now been integrated.
Changeset: 10e1610f
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/commit/10e1610f7b99f42f834478528df7ecfb4320aec1
Stats: 210 li
> Support Cipher operations on CNG keys.
Weijun Wang has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase.
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/6
On Wed, 20 Oct 2021 17:54:50 GMT, Weijun Wang wrote:
> If a entry is overwritten by another one using the same alias, make sure the
> old one is removed.
This pull request has now been integrated.
Changeset: 43619458
Author:Weijun Wang
URL:
https://git.openjdk.java.net/jdk/
On Mon, 25 Oct 2021 20:17:17 GMT, Sean Mullan wrote:
>> That's probably a little deeper and changing it will have a mass effect.
>> What about at the `getIssuerAlternativeNameExtension` level?
>
> Unless I am misunderstanding your comment, I don't think this is an issue in
> practice. The code
On Mon, 25 Oct 2021 17:05:58 GMT, Sean Mullan wrote:
>> You can create a password-less PKCS12 KeyStore file now by calling
>> `ks.store(outStream, null)` no matter what the default cert protection
>> algorithm and Mac algorithm are defined in `java.security`.
>>
>> Note: the system properties
On Mon, 25 Oct 2021 17:02:10 GMT, Sean Mullan wrote:
>> You can create a password-less PKCS12 KeyStore file now by calling
>> `ks.store(outStream, null)` no matter what the default cert protection
>> algorithm and Mac algorithm are defined in `java.security`.
>>
>> Note: the system properties
On Mon, 25 Oct 2021 15:13:25 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1618:
>>
>>> 1616: }
>>> 1617: SubjectAlternativeNameExtension subjectAltNameExt =
>>> 1618: getSubjectAlternativeNameExtension();
>>
>> Does
On Mon, 25 Oct 2021 18:24:36 GMT, Weijun Wang wrote:
>> test/jdk/sun/security/krb5/KrbCredSubKey.java line 34:
>>
>>> 32:
>>> 33: import java.io.FileOutputStream;
>>> 34: import java.util.concurrent.Callable;
>>
>> Should those tests run w
301 - 400 of 3227 matches
Mail list logo