On 11/4/2021 9:13 PM, Michael StJohns wrote:
On 11/3/2021 3:03 PM, Lari Hotari wrote:
On Mon, 20 Sep 2021 09:35:57 GMT, Lari Hotari
wrote:
### Motivation
When profiling an application that uses JWT token authentication,
it was noticed that a high number of
`javax.crypto.BadPaddingExceptio
On 11/3/2021 3:03 PM, Lari Hotari wrote:
On Mon, 20 Sep 2021 09:35:57 GMT, Lari Hotari wrote:
### Motivation
When profiling an application that uses JWT token authentication, it was
noticed that a high number of `javax.crypto.BadPaddingException`s were created.
When investigating the code i
> New `Subject` APIs `current()` and `callAs()` are created to be replacements
> of `getSubject()` and `doAs()` since the latter two methods are now
> deprecated for removal.
>
> In this implementation, by default, `current()` returns the same value as
> `getSubject(AccessController.getCurrent(
On Wed, 3 Nov 2021 14:18:38 GMT, Weijun Wang wrote:
>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
>> without retrieving the entry first. This is especially useful for a private
>> key entry which can only be retrieved with a password.
>
> Weijun Wang has update
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
Weijun Wang has updated the pull request incrementally with one additional
commit
> I ran bin/blessed-modifier-order.sh on source owned by security-libs. This
> scripts verifies that modifiers are in the "blessed" order, and fixes it
> otherwise. I have manually checked the changes made by the script to make
> sure they are sound.
Magnus Ihse Bursie has updated the pull requ
Thanks for thinking about this issue, Bernd. The case I am thinking
about is an application which verifies the identity of the signer but
which lets the classloader verify the checksum.
On 11/3/21 5:16 PM, Bernd Eckenfels wrote:
Rick if you fear an attacker can modify and install a JAR with a
On Thu, 4 Nov 2021 13:44:52 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/java/security/KeyStore.java line 1027:
>>
>>> 1025: *
>>> 1026: * @implSpec
>>> 1027: * The default implementation returns an empty {@code Set}.
>>
>> Would it make more sense for the default impl
On Thu, 4 Nov 2021 13:21:19 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> more clear and precise spec
>
> src/java.base/share/classes/java/security/KeyStore.java line 1027:
>
>> 1025: *
>> 1
On Wed, 3 Nov 2021 14:18:38 GMT, Weijun Wang wrote:
>> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
>> without retrieving the entry first. This is especially useful for a private
>> key entry which can only be retrieved with a password.
>
> Weijun Wang has update
I ran bin/blessed-modifier-order.sh on source owned by security-libs. This
scripts verifies that modifiers are in the "blessed" order, and fixes it
otherwise. I have manually checked the changes made by the script to make sure
they are sound.
-
Commit messages:
- 8276632: Use bles
On Wed, 3 Nov 2021 21:56:10 GMT, Xue-Lei Andrew Fan wrote:
>>> Hi @lhotari, please submit an OCA at https://oca.opensource.oracle.com/ if
>>> you are contributing on your own behalf. If you are contributing on your
>>> employers behalf, please send me an e-Mail at
>>> [dalibor.to...@oracle.com
12 matches
Mail list logo