webrev updated at
http://cr.openjdk.java.net/~weijun/7109096/webrev.01/
This time JPRT tests jdk_security3 passes on all platforms.
Thanks
Max
On 11/08/2011 03:18 PM, Weijun Wang wrote:
I only run tests on my Linux before posting the webrev. Then, in the
pre-push JPRT run, it fails on
Did you get any failure report about the CR?
I asked the question because I concern about the format of the encoded
public key. I'm not sure whether it is always be X.509 or not. If it is
not of X.509, we properly cannot calculate the KID properly, and then
would be in the risk to chain the AKID,
Looking at the API definitions, it's possible for an RSAPublicKey
implementation to have an encoding that is not X.509. So, the right check
really is publicKey.getFormat().equalsIgnoreCase(X.509) and not publicKey
instanceof RSAPublicKey. No need for the or check. Or maybe the instance
Changeset: ca49d50318dc
Author:jjg
Date: 2011-11-08 11:51 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/ca49d50318dc
6921494: provide way to print javac tree tag values
Reviewed-by: jjg, mcimadamore
Contributed-by: vicent...@yahoo.es
!
Looks fine to me.
Thanks,
Valerie
On 11/07/11 18:41, Weijun Wang wrote:
Hi Valerie
Please review my fix at
http://cr.openjdk.java.net/~weijun/7107019/webrev.00/
This is a harmless bug, but it would be nice to code it correct and
add some notes.
Thanks
Max
Original Message
Changeset: 36553cb94345
Author:jjg
Date: 2011-11-08 17:06 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/36553cb94345
7108668: allow Log to be initialized and used earlier
Reviewed-by: mcimadamore
! src/share/classes/com/sun/tools/apt/comp/Apt.java
!
Changeset: f410b91caf45
Author:weijun
Date: 2011-11-09 09:30 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f410b91caf45
7107019: sun.security.krb5.internal.ccache.CCacheInputStream.readCred does not
use auth data
Reviewed-by: valeriep
!
Well, in fact the whole CertAndKeyGen class already assumes that the
public key has an X.509 encoding format.
public X509Certificate getSelfCertificate (
X500Name myname, Date firstDate, long validity) ...
{
info.set(X509CertInfo.KEY, new
I'm also working on some other CR that need to considering the key
format. The key.getFormat() may return null, so the safer comparing
should be:
+ 160 if (!X.509.equalsIgnoreCase(publicKey.getFormat())) {
- 160 if (!publicKey.getFormat().equalsIgnoreCase(X.509)) {
Otherwise,
One more comment that I'm not sure why you come to the conclusion that
CertAndKeyGen has already assumed that the public key is of X.509 format.
And what did you want to show with the example of getSelfCertificate()
method? I did not find it is useful to come to the above conclusion.
I'm not
The CertAndKeyGen class is for generating a keypair and create a
certificate or cert request. The normal usage for it will be
1. create an object
2. call generate() to generate keypair
3. call getSelfCertificate or getCertRequest
Both methods in step 3 assume the publicKey to be X.509 encoded.
Fortunately, our PKCS11 implementation do returns x.509
format for RSA, DSA, DH and EC public key.
Please go with your latest update. Please pay attention that
publicKey.getFormat() may be null.
Xuelei
On 11/9/2011 1:15 PM, Weijun Wang wrote:
The CertAndKeyGen class is for generating a
Changeset: 52be75d060f9
Author:weijun
Date: 2011-11-09 15:51 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/52be75d060f9
7109096: keytool -genkeypair needn't call -selfcert
Reviewed-by: xuelei
! src/share/classes/sun/security/tools/CertAndKeyGen.java
!
13 matches
Mail list logo
