I am ok with the idea of putting the public API refactoring under a
separate RFE.
Let me apply your updated patch below and run existing regressions again.
Thanks,
Valerie
On 2/5/2018 5:51 AM, Martin Balao wrote:
Hi Valerie,
Thanks for your review.
Here it's the new webrev updated to the new repository structure. I've
also updated the testcase to use the new @module jtreg feature:
*
http://cr.openjdk.java.net/~akasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2018_02_02/8029661.webrev.02
<http://cr.openjdk.java.net/%7Eakasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2018_02_02/8029661.webrev.02>
(online)
*
http://cr.openjdk.java.net/~akasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2018_02_02/8029661.webrev.02.zip
<http://cr.openjdk.java.net/%7Eakasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2018_02_02/8029661.webrev.02.zip>
(download)
A few comments in regards to creating public APIs from
sun.security.internal.spec classes.
Classes in jdk/src/java.base/share/classes/sun/security/internal/spec:
* TlsKeyMaterialParameterSpec.java
* TlsMasterSecretParameterSpec.java
* TlsRsaPremasterSecretParameterSpec.java
* TlsKeyMaterialSpec.java
* TlsPrfParameterSpec.java
Classes in jdk/src/java.base/share/classes/java/security/spec (which I
assume would be the destination):
* AlgorithmParameterSpec.java
* ECGenParameterSpec.java
* InvalidParameterSpecException.java
* RSAOtherPrimeInfo.java
* DSAGenParameterSpec.java
* ECParameterSpec.java
* KeySpec.java
* ...
TlsRsaPremasterSecretParameterSpec class contains information about
min and max SSL/TLS version and, optionally, the pre-master encoded
key. This information may be useful to any 3rd party class that
implements a KeyGenerator to generate RSA pre-master secrets.
TlsMasterSecretParameterSpec class contains information (client/server
random, pre-master secret, hash algorithm, etc.) to generate a master
secret from a pre-master secret.
TlsKeyMaterialParameterSpec class contains information (client/server
random, master secret, hash algorithm, etc.) to generate keys for a
session from a master secret.
TlsPrfParameterSpec class contains information (secret key, label,
hash algorithm, etc.) to generate handshake authentication codes.
TlsKeyMaterialSpec class contains information about session keys. This
class inherits from SecretKey class.
So, I agree with you: these parameters/specs may be used by a 3rd
party and would be better to have them as public interfaces.
However, I suggest to address that in a new ticket because:
* it is not strictly inherent to SunPKCS11 + TLS 1.2 support we are
providing in the context of this ticket;
* it would be more clear both in tickets documentation and repository
changeset;
* this refactoring is going to go through CSR, which SunPKCS11 + TLS
1.2 support does not need; and,
* we should also evaluate how TLS 1.3 changes going to impact into this.
Would splitting this into a new ticket work for you?
Kind regards,
Martin.-
