Re: RFR: 8277932: Subject:callAs() not throwing NPE when action is null

2021-12-07 Thread Weijun Wang
On Tue, 7 Dec 2021 07:14:53 GMT, Alan Bateman wrote: > Is there a test for this? (I see noreg-trivial is added but a test should be > easy to add). I can add one, just thought it's not necessary. I didn't say noreg-hard. :-) - PR: https://git.openjdk.java.net/jdk/pull/6728

Re: RFR: 8255409: Support the new APIs in PKCS#11 v3.0

2021-12-06 Thread Weijun Wang
On Tue, 7 Dec 2021 00:08:03 GMT, Valerie Peng wrote: >> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java >> line 405: >> >>> 403: private void cancelOperation() { >>> 404: // cancel operation by finishing it; avoid killSession as some >>> 405: //

Integrated: 8277932: Subject:callAs() not throwing NPE when action is null

2021-12-06 Thread Weijun Wang
On Mon, 6 Dec 2021 22:22:14 GMT, Weijun Wang wrote: > Add null check. I must have thought the NPE will be thrown anyway but the > `catch Exception` block swallows it. > > I added a noreg-trivial label. If you think differently can add one. This pull request has now been integrated

RFR: 8277932: Subject:callAs() not throwing NPE when action is null

2021-12-06 Thread Weijun Wang
Add null check. I must have thought the NPE will be thrown anyway but the `catch Exception` block swallows it. I added a noreg-trivial label. If you think differently can add one. - Commit messages: - 8277932: Subject:callAs() not throwing NPE when action is null Changes:

Integrated: 8275082: Update XML Security for Java to 2.3.0

2021-12-06 Thread Weijun Wang
On Wed, 1 Dec 2021 17:31:37 GMT, Weijun Wang wrote: > Import Apache Santuario 2.3.0 without the secure validation changes since in > OpenJDK we are using the `jdk.xml.dsig.secureValidationPolicy` security > property for XML Signature secure validation protection. > > Two com

Re: RFR: 8277353: java/security/MessageDigest/ThreadSafetyTest.java test times out [v2]

2021-12-06 Thread Weijun Wang
On Fri, 3 Dec 2021 06:14:49 GMT, Sibabrata Sahoo wrote: >> This Test gets timeout during low cpu availability. It is modified to >> support extended timeout period during JTREG execution. > > Sibabrata Sahoo has updated the pull request incrementally with one > additional commit since the last

Re: RFR: 8255409: Support the new APIs in PKCS#11 v3.0

2021-12-04 Thread Weijun Wang
On Wed, 1 Dec 2021 21:42:51 GMT, Valerie Peng wrote: > PKCS#11 v3.0 adds the support for several new APIs. For this particular RFE, > it enhances SunPKCS11 provider to load PKCS#11 provider by first trying the > C_GetInterface (new in 3.0) before the C_GetFunctionList assuming not >

Integrated: 8278247: KeyStoreSpi::engineGetAttributes does not throws KeyStoreException

2021-12-03 Thread Weijun Wang
On Fri, 3 Dec 2021 19:36:51 GMT, Weijun Wang wrote: > The specification wrongly claims there could be an exception thrown, but it's > not true. This pull request has now been integrated. Changeset: e1cde19d Author: Weijun Wang URL: https://git.openjdk.java.net/jdk/

RFR: 8278247: KeyStoreSpi::engineGetAttributes does not throws KeyStoreException

2021-12-03 Thread Weijun Wang
The specification wrongly claims there could be an exception thrown, but it's not true. - Commit messages: - 8278247: KeyStoreSpi::engineGetAttributes does not throws KeyStoreException Changes: https://git.openjdk.java.net/jdk/pull/6706/files Webrev:

Integrated: 8225181: KeyStore should have a getAttributes method

2021-12-03 Thread Weijun Wang
On Wed, 20 Oct 2021 02:08:24 GMT, Weijun Wang wrote: > Add `KeyStore::getAttributes` so that one can get the attributes of an entry > without retrieving the entry first. This is especially useful for a private > key entry which can only be retrieved with a password. This pull reques

Re: RFR: 8275082: Update XML Security for Java to 2.3.0 [v2]

2021-12-03 Thread Weijun Wang
de changes > - revert: revert the Santuario secure validation changes Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: update comment - Changes: - all: https://git.openjdk.java.net/jdk/pull/6644/files - new: https://git.o

Re: RFR: 8278099: two sun/security/pkcs11/Signature tests failed with AssertionError

2021-12-01 Thread Weijun Wang
On Thu, 2 Dec 2021 01:20:30 GMT, Valerie Peng wrote: > Can someone help reviewing this trivial one-line fix? The assert check in > CK_MECHANISM.java is too strict and fail unexpectedly when digest-specific > PSS signature mechanisms are supported by the underlying PKCS#11 library. The > fix

Re: RFR: 8277353: java/security/MessageDigest/ThreadSafetyTest.java test times out

2021-12-01 Thread Weijun Wang
On Wed, 1 Dec 2021 19:29:36 GMT, Sibabrata Sahoo wrote: > > Can you lower the `threadsFactor` or `duration`? Or set an upper limit for > > `nTasks`? > > I can reduce the threadFactor and duration to close to half(threadsFactor=2 > and duration=2 Or hardcode nTasks=20) and i think there still

RFR: 8275082: Update XML Security for Java to 2.3.0

2021-12-01 Thread Weijun Wang
Import Apache Santuario 2.3.0 without the secure validation changes since in OpenJDK we are using the `jdk.xml.dsig.secureValidationPolicy` security property for XML Signature secure validation protection. Two commits are pushed: - 2.3.0: Import 2.3.0 code changes - revert: revert the

RFR: 8255266: 2021-11-27 public suffix list update v 3c213aa

2021-12-01 Thread Weijun Wang
Update Public Suffix List data to the latest version at https://github.com/publicsuffix/list. - Commit messages: - 8255266: 2021-11-27 public suffix list update v 3c213aa Changes: https://git.openjdk.java.net/jdk/pull/6643/files Webrev:

Re: RFR: 8277353: java/security/MessageDigest/ThreadSafetyTest.java test times out

2021-12-01 Thread Weijun Wang
On Wed, 1 Dec 2021 06:26:58 GMT, Sibabrata Sahoo wrote: > This Test gets timeout during low cpu availability. It is modified to support > extended timeout period during JTREG execution. Can you lower the `threadsFactor` or `duration`? Or set an upper limit for `nTasks`? - PR:

Re: RFR: 8225181: KeyStore should have a getAttributes method [v5]

2021-11-30 Thread Weijun Wang
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry > without retrieving the entry first. This is especially useful for a private > key entry which can only be retrieved with a password. Weijun Wang has updated the pull request with a new target base due t

Re: RFR: 8225181: KeyStore should have a getAttributes method [v4]

2021-11-30 Thread Weijun Wang
On Thu, 4 Nov 2021 19:34:50 GMT, Weijun Wang wrote: >> Add `KeyStore::getAttributes` so that one can get the attributes of an entry >> without retrieving the entry first. This is especially useful for a private >> key entry which can only be retrieved with a password.

Integrated: 8231107: Allow store password to be null when saving a PKCS12 KeyStore

2021-11-30 Thread Weijun Wang
On Thu, 14 Oct 2021 14:43:32 GMT, Weijun Wang wrote: > You can create a password-less PKCS12 KeyStore file now by calling > `ks.store(outStream, null)` no matter what the default cert protection > algorithm and Mac algorithm are defined in `java.security`. > > Note: the system

Re: RFR: 8276660: Scalability bottleneck in java.security.Provider.getService() [v2]

2021-11-30 Thread Weijun Wang
On Wed, 24 Nov 2021 21:17:34 GMT, Valerie Peng wrote: >> It is observed that when running crypto benchmark with large number of >> threads, a lot of time is spent on the synchronized block inside the >> Provider.getService() method. The cause for this is that >> Provider.getService() method

Integrated: 8272162: S4U2Self ticket without forwardable flag

2021-11-30 Thread Weijun Wang
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote: > The S4U2proxy extension requires that the service ticket to the first service > has the forwardable flag set, but some versions of Windows Server do not set > the forwardable flag in a S4U2self response and accept it in a

Re: RFR: 8276660: Scalability bottleneck in java.security.Provider.getService() [v2]

2021-11-30 Thread Weijun Wang
On Wed, 24 Nov 2021 21:17:34 GMT, Valerie Peng wrote: >> It is observed that when running crypto benchmark with large number of >> threads, a lot of time is spent on the synchronized block inside the >> Provider.getService() method. The cause for this is that >> Provider.getService() method

Re: RFR: 8276660: Scalability bottleneck in java.security.Provider.getService() [v2]

2021-11-30 Thread Weijun Wang
On Tue, 30 Nov 2021 02:40:22 GMT, Valerie Peng wrote: >> src/java.base/share/classes/java/security/Provider.java line 832: >> >>> 830: // NOTE: may need extra mechanism for providers to indicate their >>> 831: // preferred ordering of SecureRandom algorithms since registration >>> 832:

Re: RFR: 8276660: Scalability bottleneck in java.security.Provider.getService() [v2]

2021-11-30 Thread Weijun Wang
On Tue, 30 Nov 2021 02:47:45 GMT, Valerie Peng wrote: >> src/java.base/share/classes/java/security/Provider.java line 979: >> >>> 977: parseLegacy(sk, sv, OPType.REPLACE); >>> 978: } >>> 979: } >> >> If you are going through all the entries, should we also

Re: RFR: 8276660: Scalability bottleneck in java.security.Provider.getService() [v2]

2021-11-29 Thread Weijun Wang
On Wed, 24 Nov 2021 21:17:34 GMT, Valerie Peng wrote: >> It is observed that when running crypto benchmark with large number of >> threads, a lot of time is spent on the synchronized block inside the >> Provider.getService() method. The cause for this is that >> Provider.getService() method

Re: RFR: 8272162: S4U2Self ticket without forwardable flag [v2]

2021-11-23 Thread Weijun Wang
On Mon, 22 Nov 2021 21:26:05 GMT, Valerie Peng wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> some word changes > > src/java.security.jgss/share/classes/sun/security/krb5/Credent

Re: RFR: 8272162: S4U2Self ticket without forwardable flag [v2]

2021-11-23 Thread Weijun Wang
s > the actual fix to this issue, i.e. ignore the flag and retry another KDC. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: some word changes - Changes: - all: https://git.openjdk.java.net/jdk/pull/6082/files - n

Re: RFR: 8277246: Check for NonRepudiation as well when validating a TSA certificate [v3]

2021-11-22 Thread Weijun Wang
On Wed, 17 Nov 2021 14:06:00 GMT, Weijun Wang wrote: >> There is no need to check for the KeyUsage extension when validating a TSA >> certificate. >> >> A test is modified where a TSA cert has a KeyUsage but without the >> DigitalSignature bit. > > Weij

Re: RFR: 8272162: S4U2Self ticket without forwardable flag

2021-11-22 Thread Weijun Wang
On Thu, 28 Oct 2021 19:21:02 GMT, Martin Balao wrote: > * The names 'second' and 'secondTicket' -that were used before- don't look > ideal to me. I've not seen them used neither in RFC 4120 nor in MS-SFU > (v.20.0). In the case of 'additionalTickets', it's defined in RFC 4120 but > more from

Re: RFR: 8272162: S4U2Self ticket without forwardable flag

2021-11-22 Thread Weijun Wang
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote: > The S4U2proxy extension requires that the service ticket to the first service > has the forwardable flag set, but some versions of Windows Server do not set > the forwardable flag in a S4U2self response and accept it in a

Re: RFR: 8272162: S4U2Self ticket without forwardable flag

2021-11-22 Thread Weijun Wang
On Mon, 1 Nov 2021 14:42:32 GMT, Martin Balao wrote: > But the question that concerns me most is if we really want to make such a > tight check, or we are willing to forward everything. Alexey said their customer has at least 50 KDCs. It will be quite a waste of time if we go through each of

RFR: 8272162: S4U2Self ticket without forwardable flag

2021-11-22 Thread Weijun Wang
The S4U2proxy extension requires that the service ticket to the first service has the forwardable flag set, but some versions of Windows Server do not set the forwardable flag in a S4U2self response and accept it in a S4U2proxy request. There are 2 commits now. The 1st is a refactoring that

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled [v2]

2021-11-18 Thread Weijun Wang
On Thu, 18 Nov 2021 15:03:33 GMT, Sean Mullan wrote: >> We should, but the problem is that jarsigner needs to individually test each >> algorithm, so it can properly display which algorithm is restricted. So, I >> think it will need to parse the RSSASSA params itself, and then call the >>

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled [v2]

2021-11-18 Thread Weijun Wang
On Tue, 16 Nov 2021 18:10:04 GMT, Sean Mullan wrote: >> When a signature/digest algorithm was being checked, the algorithm >> constraints checked both the signature/digest algorithm and the key to see >> if they were restricted. This caused duplicate checks and was also >> problematic for

Integrated: 8277246: Check for NonRepudiation as well when validating a TSA certificate

2021-11-17 Thread Weijun Wang
On Tue, 16 Nov 2021 19:36:11 GMT, Weijun Wang wrote: > There is no need to check for the KeyUsage extension when validating a TSA > certificate. > > A test is modified where a TSA cert has a KeyUsage but without the > DigitalSignature bit. This pull request has now

Re: RFR: 8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE [v2]

2021-11-17 Thread Weijun Wang
On Wed, 17 Nov 2021 17:16:38 GMT, Sean Coffey wrote: >> Some elements of the PKCS9Attribute.PKCS9_OIDS array may have null value. >> The PKCS9Attributes.toString() and PKCS9Attributes.getAttributes() methods >> need to account for that. > > Sean Coffey has updated the pull request

Re: RFR: 8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE

2021-11-17 Thread Weijun Wang
On Wed, 17 Nov 2021 16:00:04 GMT, Sean Coffey wrote: > Some elements of the PKCS9Attribute.PKCS9_OIDS array may have null value. The > PKCS9Attributes.toString() and PKCS9Attributes.getAttributes() methods need > to account for that.

Re: RFR: 8277246: Check for NonRepudiation as well when validating a TSA certificate [v3]

2021-11-17 Thread Weijun Wang
On Wed, 17 Nov 2021 14:16:26 GMT, Sean Mullan wrote: > Can you change the synopsis of the bug to more accurately reflect the current > fix? Updated. Thanks. - PR: https://git.openjdk.java.net/jdk/pull/6416

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

2021-11-17 Thread Weijun Wang
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote: >> There is no need to check for the KeyUsage extension when validating a TSA >> certificate. >> >> A test is modified where a TSA cert has a KeyUsage but without the >> DigitalSignature bit. > > Weij

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v3]

2021-11-17 Thread Weijun Wang
> There is no need to check for the KeyUsage extension when validating a TSA > certificate. > > A test is modified where a TSA cert has a KeyUsage but without the > DigitalSignature bit. Weijun Wang has updated the pull request incrementally with one additional commit since th

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

2021-11-16 Thread Weijun Wang
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote: >> There is no need to check for the KeyUsage extension when validating a TSA >> certificate. >> >> A test is modified where a TSA cert has a KeyUsage but without the >> DigitalSignature bit. > > Weij

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

2021-11-16 Thread Weijun Wang
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote: >> There is no need to check for the KeyUsage extension when validating a TSA >> certificate. >> >> A test is modified where a TSA cert has a KeyUsage but without the >> DigitalSignature bit. > > Weij

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

2021-11-16 Thread Weijun Wang
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote: >> There is no need to check for the KeyUsage extension when validating a TSA >> certificate. >> >> A test is modified where a TSA cert has a KeyUsage but without the >> DigitalSignature bit. > > Weij

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

2021-11-16 Thread Weijun Wang
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote: >> There is no need to check for the KeyUsage extension when validating a TSA >> certificate. >> >> A test is modified where a TSA cert has a KeyUsage but without the >> DigitalSignature bit. > > Weij

Re: RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

2021-11-16 Thread Weijun Wang
> There is no need to check for the KeyUsage extension when validating a TSA > certificate. > > A test is modified where a TSA cert has a KeyUsage but without the > DigitalSignature bit. Weijun Wang has updated the pull request incrementally with one additional commit since th

RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate

2021-11-16 Thread Weijun Wang
There is no need to check for the KeyUsage extension when validating a TSA certificate. A test is modified where a TSA cert has a KeyUsage but without the DigitalSignature bit. - Commit messages: - 8277246: No need to check about KeyUsage when validating a TSA certificate

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

2021-11-15 Thread Weijun Wang
On Mon, 8 Nov 2021 14:04:15 GMT, Sean Mullan wrote: > When a signature/digest algorithm was being checked, the algorithm > constraints checked both the signature/digest algorithm and the key to see if > they were restricted. This caused duplicate checks and was also problematic > for

Integrated: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs

2021-11-10 Thread Weijun Wang
On Thu, 5 Aug 2021 20:10:44 GMT, Weijun Wang wrote: > New `Subject` APIs `current()` and `callAs()` are created to be replacements > of `getSubject()` and `doAs()` since the latter two methods are now > deprecated for removal. > > In this implementation, by default, `cur

Integrated: 8276863: Remove test/jdk/sun/security/ec/ECDSAJavaVerify.java

2021-11-09 Thread Weijun Wang
On Tue, 9 Nov 2021 14:23:54 GMT, Weijun Wang wrote: > The test was added in JDK-8237218 to confirm that Java impl is used when > verifying a signature. It is useless now since the native implementation is > completely removed. This pull request has now been integrated. Changeset:

RFR: 8276863: Remove test/jdk/sun/security/ec/ECDSAJavaVerify.java

2021-11-09 Thread Weijun Wang
The test was added in JDK-8237218 to confirm that Java impl is used when verifying a signature. It is useless now since the native implementation is completely removed. - Commit messages: - 8276863: Remove test/jdk/sun/security/ec/ECDSAJavaVerify.java Changes:

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v5]

2021-11-08 Thread Weijun Wang
On Thu, 4 Nov 2021 22:11:41 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, b

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v5]

2021-11-05 Thread Weijun Wang
On Thu, 4 Nov 2021 22:11:41 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, b

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v5]

2021-11-04 Thread Weijun Wang
> `AccessControlContext` inside the call inherits the subject from the outer > one. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: tiny spec change to be the same as CSR - Changes: - all: https://git.openjdk.java

Re: RFR: 8225181: KeyStore should have a getAttributes method [v3]

2021-11-04 Thread Weijun Wang
On Wed, 3 Nov 2021 14:18:38 GMT, Weijun Wang wrote: >> Add `KeyStore::getAttributes` so that one can get the attributes of an entry >> without retrieving the entry first. This is especially useful for a private >> key entry which can only be retrieved with a password.

Re: RFR: 8225181: KeyStore should have a getAttributes method [v4]

2021-11-04 Thread Weijun Wang
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry > without retrieving the entry first. This is especially useful for a private > key entry which can only be retrieved with a password. Weijun Wang has updated the pull request incrementally with one a

Re: RFR: 8225181: KeyStore should have a getAttributes method [v3]

2021-11-04 Thread Weijun Wang
On Thu, 4 Nov 2021 13:21:19 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> more clear and precise spec > > src/java.base/share/classes/java/security/KeySt

Re: RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore [v4]

2021-11-03 Thread Weijun Wang
`cacerts` must > be retained (at the moment) because the tool is launched with BOOT_JDK. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: same spec in SPI - Changes: - all: https://git.openjdk.java.net/jdk/pull/5950/fi

Re: RFR: 8225181: KeyStore should have a getAttributes method [v2]

2021-11-03 Thread Weijun Wang
On Tue, 2 Nov 2021 15:18:10 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> clarification on protected attributes > > src/java.base/share/classes/java/security/KeySt

Re: RFR: 8225181: KeyStore should have a getAttributes method [v3]

2021-11-03 Thread Weijun Wang
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry > without retrieving the entry first. This is especially useful for a private > key entry which can only be retrieved with a password. Weijun Wang has updated the pull request incrementally with one a

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v7]

2021-11-02 Thread Weijun Wang
On Tue, 2 Nov 2021 20:39:47 GMT, Florent Guillaume wrote: >> Larry-N has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Address review notes > > Could the original JDK-8230297 be closed as a duplicate please? @efge Closed. Thanks for

Re: RFR: 8257722: Improve "keytool -printcert -jarfile" output [v4]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 21:13:40 GMT, Hai-May Chao wrote: >> This change does a few improvements to the output of `keytool -printcert >> -jarfile` command to help readability and diagnosis. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v4]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 17:21:42 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, b

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v7]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 18:55:32 GMT, Larry-N wrote: >> This fix adds a cache of service provider classes to LoginContext (in >> particular, it's a cache of LoginModules classes). The approach helps to >> increase the performance of the LoginContext.login() method significantly, >> especially in

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v5]

2021-10-28 Thread Weijun Wang
On Wed, 27 Oct 2021 20:08:34 GMT, Larry-N wrote: >> This fix adds a cache of service provider classes to LoginContext (in >> particular, it's a cache of LoginModules classes). The approach helps to >> increase the performance of the LoginContext.login() method significantly, >> especially in

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v5]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 17:31:26 GMT, Larry-N wrote: > Thank you for the explanations. When I cleaned up the working directory all > pass ok. ( And fails when I submitted the test a second time) Let's hope the directory is always clean when the test is actually launched. I have no other comments.

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v6]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 17:42:28 GMT, Larry-N wrote: >> This fix adds a cache of service provider classes to LoginContext (in >> particular, it's a cache of LoginModules classes). The approach helps to >> increase the performance of the LoginContext.login() method significantly, >> especially in

Re: RFR: 8257722: Improve "keytool -printcert -jarfile" output [v3]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 16:17:44 GMT, Hai-May Chao wrote: >> This change does a few improvements to the output of `keytool -printcert >> -jarfile` command to help readability and diagnosis. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v4]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 17:21:42 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, b

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v4]

2021-10-28 Thread Weijun Wang
> `AccessControlContext` inside the call inherits the subject from the outer > one. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: more spec tweaks - Changes: - all: https://git.openjdk.java.net/jdk/pull/5024/files

Re: RFR: 8225181: KeyStore should have a getAttributes method [v2]

2021-10-28 Thread Weijun Wang
On Thu, 28 Oct 2021 13:51:01 GMT, Sean Mullan wrote: >> I wonder if someone will interpret this as "after I've called `getEntry` on >> a private key, I can get the encrypted attributes through >> `KeyStore::getAttributes`". How about something like "and only available >> through the {@link

Re: RFR: 8225181: KeyStore should have a getAttributes method [v2]

2021-10-28 Thread Weijun Wang
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry > without retrieving the entry first. This is especially useful for a private > key entry which can only be retrieved with a password. Weijun Wang has updated the pull request incrementally with one a

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v5]

2021-10-28 Thread Weijun Wang
On Wed, 27 Oct 2021 20:08:34 GMT, Larry-N wrote: >> This fix adds a cache of service provider classes to LoginContext (in >> particular, it's a cache of LoginModules classes). The approach helps to >> increase the performance of the LoginContext.login() method significantly, >> especially in

Re: RFR: 8225181: KeyStore should have a getAttributes method

2021-10-27 Thread Weijun Wang
On Wed, 27 Oct 2021 19:40:16 GMT, Sean Mullan wrote: >> This is complicated. Theoretically a KeyStore implementation can store some >> attributes in clear text and some encrypted, and it's probably not possible >> to know if there exist any encrypted ones before actually decrypting the >>

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v4]

2021-10-27 Thread Weijun Wang
On Wed, 27 Oct 2021 18:43:41 GMT, Larry-N wrote: >> This fix adds a cache of service provider classes to LoginContext (in >> particular, it's a cache of LoginModules classes). The approach helps to >> increase the performance of the LoginContext.login() method significantly, >> especially in

Re: RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore [v3]

2021-10-27 Thread Weijun Wang
`cacerts` must > be retained (at the moment) because the tool is launched with BOOT_JDK. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: spec change only in patch2: unchanged: - Changes: - all: https://git.openjdk.java

Re: RFR: 8257722: Improve "keytool -printcert -jarfile" output [v2]

2021-10-27 Thread Weijun Wang
On Wed, 27 Oct 2021 16:32:48 GMT, Hai-May Chao wrote: >> This change does a few improvements to the output of `keytool -printcert >> -jarfile` command to help readability and diagnosis. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-27 Thread Weijun Wang
On Sat, 23 Oct 2021 00:40:39 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, b

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v3]

2021-10-27 Thread Weijun Wang
> `AccessControlContext` inside the call inherits the subject from the outer > one. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: address comments from Sean and Bernd - Changes: - all: https://git.openjdk.java.net/

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-27 Thread Weijun Wang
On Wed, 27 Oct 2021 12:46:57 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> renames > > src/java.base/share/classes/javax/security/auth/Subject.java line 324:

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-27 Thread Weijun Wang
On Mon, 25 Oct 2021 20:02:14 GMT, Bernd wrote: >> Oh, it's needed. Otherwise the `AccessController.getContext()` call (which >> is inside `current()`) will also be called in a clean privileged context and >> there is no subject associated with it. >> >> On the other hand, it still needs to in

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-27 Thread Weijun Wang
On Wed, 27 Oct 2021 13:49:18 GMT, Sean Mullan wrote: >> src/java.base/share/classes/javax/security/auth/Subject.java line 296: >> >>> 294: * which is equivalent to >>> 295: * {@code Subject.getSubject(AccessController.getContext())} >>> 296: * by default in this

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-27 Thread Weijun Wang
On Mon, 25 Oct 2021 19:52:06 GMT, Bernd wrote: >> Sure, I can. I was testing the default value to "false" at some time and >> found `"true".equals` and `!"false".equals` symmetric and good-looking. :-) > > It probably doesn’t matter to have the Logic centralized, just looked a bit > hardcoded

Re: RFR: 8273026: Slow LoginContext.login() on multi threading application [v3]

2021-10-27 Thread Weijun Wang
On Wed, 27 Oct 2021 13:06:54 GMT, Larry-N wrote: >> This fix adds a cache of service provider classes to LoginContext (in >> particular, it's a cache of LoginModules classes). The approach helps to >> increase the performance of the LoginContext.login() method significantly, >> especially in

Re: RFR: 8257722: Improve "keytool -printcert -jarfile" output

2021-10-26 Thread Weijun Wang
On Tue, 26 Oct 2021 22:37:02 GMT, Hai-May Chao wrote: > This change does a few improvements to the output of `keytool -printcert > -jarfile` command to help readability and diagnosis. src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2878: > 2876:

Re: RFR: X509Certificate.get{Subject,Issuer}AlternativeNames and getExtendedKeyUsage do not throw CertificateParsingException if extension is unparseable [v3]

2021-10-26 Thread Weijun Wang
On Tue, 26 Oct 2021 19:35:42 GMT, Sean Mullan wrote: >> The JDK implementation (as supplied by the "SUN" provider) of >> `X509Certificate::getSubjectAlternativeNames` and >> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of >> throwing a `CertificateParsingException` when

Re: RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore [v2]

2021-10-26 Thread Weijun Wang
`cacerts` must > be retained (at the moment) because the tool is launched with BOOT_JDK. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: test update - Changes: - all: https://git.openjdk.java.net/jdk/pull/5950/fi

Re: RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable

2021-10-26 Thread Weijun Wang
On Tue, 26 Oct 2021 15:28:51 GMT, Sean Mullan wrote: >> I was asking if `getIssuerAlternativeNameExtension` can throw the exception >> if IAE exists but not parseable. > > Ok, I understand your comment now. I'm hesitant to change those methods to > throw an exception because to be consistent

Re: RFR: 8225181: KeyStore should have a getAttributes method

2021-10-26 Thread Weijun Wang
On Mon, 25 Oct 2021 14:36:58 GMT, Sean Mullan wrote: >> Add `KeyStore::getAttributes` so that one can get the attributes of an entry >> without retrieving the entry first. This is especially useful for a private >> key entry which can only be retrieved with a password. > >

Re: RFR: 8225181: KeyStore should have a getAttributes method

2021-10-26 Thread Weijun Wang
On Mon, 25 Oct 2021 14:34:57 GMT, Sean Mullan wrote: >> Add `KeyStore::getAttributes` so that one can get the attributes of an entry >> without retrieving the entry first. This is especially useful for a private >> key entry which can only be retrieved with a password. > >

Re: RFR: 8275918: Remove unused local variables in java.base security code

2021-10-26 Thread Weijun Wang
On Sat, 23 Oct 2021 14:04:07 GMT, Andrey Turbanov wrote: > Cleanup unused local variables. Looks like they are leftovers after > refactoring. src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java line 211: > 209: AlgorithmParameterSpec keyParams = rsaKey.getParams(); >

Integrated: 8251134: Unwrapping a key with a Private Key generated by Microsoft CNG fails

2021-10-25 Thread Weijun Wang
On Wed, 20 Oct 2021 18:06:39 GMT, Weijun Wang wrote: > Support Cipher operations on CNG keys. This pull request has now been integrated. Changeset: 10e1610f Author: Weijun Wang URL: https://git.openjdk.java.net/jdk/commit/10e1610f7b99f42f834478528df7ecfb4320aec1 Stats: 210 li

Re: RFR: 8251134: Unwrapping a key with a Private Key generated by Microsoft CNG fails [v2]

2021-10-25 Thread Weijun Wang
> Support Cipher operations on CNG keys. Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. - Changes: - all: https://git.openjdk.java.net/jdk/pull/6

Integrated: 8185844: MSCAPI doesn't list aliases correctly

2021-10-25 Thread Weijun Wang
On Wed, 20 Oct 2021 17:54:50 GMT, Weijun Wang wrote: > If an entry is overwritten by another one using the same alias, make sure the > old one is removed. This pull request has now been integrated. Changeset: 43619458 Author: Weijun Wang URL: https://git.openjdk.java.net/jdk/

Re: RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable

2021-10-25 Thread Weijun Wang
On Mon, 25 Oct 2021 20:17:17 GMT, Sean Mullan wrote: >> That's probably a little deeper and changing it will have a mass effect. >> What about at the `getIssuerAlternativeNameExtension` level? > > Unless I am misunderstanding your comment, I don't think this is an issue in > practice. The code

Re: RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore

2021-10-25 Thread Weijun Wang
On Mon, 25 Oct 2021 17:05:58 GMT, Sean Mullan wrote: >> You can create a password-less PKCS12 KeyStore file now by calling >> `ks.store(outStream, null)` no matter what the default cert protection >> algorithm and Mac algorithm are defined in `java.security`. >> >> Note: the system properties

Re: RFR: 8231107: Allow store password to be null when saving a PKCS12 KeyStore

2021-10-25 Thread Weijun Wang
On Mon, 25 Oct 2021 17:02:10 GMT, Sean Mullan wrote: >> You can create a password-less PKCS12 KeyStore file now by calling >> `ks.store(outStream, null)` no matter what the default cert protection >> algorithm and Mac algorithm are defined in `java.security`. >> >> Note: the system properties

Re: RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable

2021-10-25 Thread Weijun Wang
On Mon, 25 Oct 2021 15:13:25 GMT, Sean Mullan wrote: >> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1618: >> >>> 1616: } >>> 1617: SubjectAlternativeNameExtension subjectAltNameExt = >>> 1618: getSubjectAlternativeNameExtension(); >> >> Does

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-25 Thread Weijun Wang
On Mon, 25 Oct 2021 18:24:36 GMT, Weijun Wang wrote: >> test/jdk/sun/security/krb5/KrbCredSubKey.java line 34: >> >>> 32: >>> 33: import java.io.FileOutputStream; >>> 34: import java.util.concurrent.Callable; >> >> Should those tests run w

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-25 Thread Weijun Wang
On Fri, 22 Oct 2021 22:07:50 GMT, Bernd wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> renames > > test/jdk/javax/security/auth/Subject/DoAs.java line 44: > >> 42:

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-25 Thread Weijun Wang
On Fri, 22 Oct 2021 22:13:51 GMT, Bernd wrote: >> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java >> line 107: >> >>> 105: */ >>> 106: public static ServiceCreds getServiceCreds(GSSCaller caller, >>> 107: String serverPrincipal) throws
