Hi Max:

In the Java plugin, we display the detailed information of the certificate in both the Java Control Panel and the certificate dialog box from the security warning; we also extract extensions from the certificate to make sure they are valid to use.

Currently we are parsing the X509Certificate object to extract all the detailed information of the certificate; the certificate fields we need to display match the IE browser certificate information.

Yes, it would be helpful to provide an API/Object for deployment code to retrieve that information.

Dennis

Weijun Wang wrote:

Hi All

I was talking with Xuelei on how to better display certificate info. There are 3 cases we can currently think of:

1. debug output
2. keytool/jarsigner output
3. Java plugin display

The 1st one is the most primitive one and can be a single string; the 2nd is also a string but has some format and needs to be localized; the third is a series of Swing controls.

But the contents of all 3 are the same, and hopefully can be provided in a single method. Each consumer can just display it in its own style, with no need to understand Certificate fields, OIDs, etc. It's just like XSLT transformation of XML files.

So what shall I do? Let toString() output a long string in XML or JSON?

Or, create a new method describe() or toDescription() that returns an UnmodifiableMap (based on a LinkedHashMap to preserve order)?

I prefer the latter because there is no need to parse the output, and at least in the case of certificate, since a certificate contains extensions, it's very easy to stuff several maps inside another one. The map's keys are strings, and values can be another map or a simple data object, say, primitive, string, or Date.

So this needs a new interface Descriptable. It can either be:

   interface sun.security.util.Descriptable;
   sun.security.x509.X509CertImpl implements Descriptable;
   sun.security.x509.Extension implements Descriptable;

or

   interface java.security.Descriptable;
   java.security.cert.X509Certificate implements Descriptable;
   java.security.cert.Extension implements Descriptable;

or if other people find it useful, it can be inside the java.util package.

What are your ideas? Do you also need such a method?

Thanks
Max
