Re: RFR [12]: 8210448: Copy Java XML Digital Signature API Specification into java.xml.crypto javadocs

2018-10-16 Thread Weijun Wang
> On Oct 16, 2018, at 11:53 PM, Sean Mullan wrote: > > Can you also review the CSR and add your name as reviewer? Added. Do you want to add a link to 'the normative sections of the "Java XML Digital Signature API Specification"' in the CSR? Thanks Max

Re: Fluent builder API for JCA/JSSE classes

2018-10-16 Thread Will Sargent
Also, I wasn't able to figure out how to create CertificateRequest at all. This is kind of a pain when dealing with Vault PKI or Lemur.

Re: RFR: JDK-8211866 TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms

2018-10-16 Thread Jamil Nimeh
Thanks for the review.  Yes, those lines below can be brought up into one line.  I'll get that fixed up. Thanks, --Jamil On 10/15/2018 8:52 PM, Xuelei Fan wrote: Looks fine to me. Can the following two lines joined into one?  Looks like the length does not exceed 80 characters. int v

Re: RFR: 8210989 TLSv1.2 not authenticating using PSS certificates

2018-10-16 Thread Jamil Nimeh
Yes, that seems like a good idea to do.  I will add some comments explaining the change. --Jamil On 10/15/2018 11:36 AM, Xuelei Fan wrote: Looks nice to me. To help to remember the decision, would you mind add a comment in the T12CertificateRequestConsumer.consume() block about why we don't

Re: Fluent builder API for JCA/JSSE classes

2018-10-16 Thread Will Sargent
Hi Bernd, I'm not sure what you mean about exporting the package. I only have it working on JDK 1.8 right now, and I'm not sure about configuring it for multiple JDK versions. All of the code in X509CertificateCreator depends heavily

Re: RFR [12]: 8210448: Copy Java XML Digital Signature API Specification into java.xml.crypto javadocs

2018-10-16 Thread Sean Mullan
On 10/16/18 1:37 AM, Weijun Wang wrote: The links from source to "DOM Mechanism Requirements" use "package-summary.html#dom_reqs", but the id in dsig/package-info.java is "dom_req". Good catch! In the sections you copied from the JSR 105 spec, some class/method names have links to the API s

Re: RFR[12] JDK-8210632: Add key exchange algorithm to javax/net/ssl/TLSCommon/CipherSuite.java

2018-10-16 Thread Xuelei Fan
Looks fine to me. There is another potential improvement to divide the ECDHE_RSA, and other KeyExAlgorithms, into two parts, the key exchange algorithm (ECDHE), certificate key algorithm (EC) and the optional certificate signature algorithms (RSA). Thanks, Xuelei On 10/16/2018 1:08 AM, sha.

Re: RFR[12] JDK-8210632: Add key exchange algorithm to javax/net/ssl/TLSCommon/CipherSuite.java

2018-10-16 Thread sha . jiang
Ping... On 2018/10/10 11:25, sha.ji...@oracle.com wrote: Hi, It would be better that javax/net/ssl/TLSCommon/CipherSuite.java has an attribute on key exchange algorithm. This attribute could be used on selecting appropriate certificates by some tests. Issue: https://bugs.openjdk.java.net/bro