I'll take a look. I thought java.security.cert.X509CertSelector is used by CertPath validators and builders internally and never thought it can be called directly.
Thanks, Max > On Jan 17, 2019, at 1:49 AM, Xuelei Fan <xuelei....@oracle.com> wrote: > > Hi Max, > > I did not look into the detailed implementation of findIssuer() yet. Have you > considered to use java.security.cert.X509CertSelector? > > Thanks, > Xuelei > > On 1/9/2019 6:59 AM, Weijun Wang wrote: >> Please take a review at >> https://cr.openjdk.java.net/~weijun/8215776/webrev.00/ >> PKCS12KeyStore now can find certificate issuers more precisely using >> SubjectKeyIdentifier and AuthorityKeyIdentifier. I thought about using >> CertPath builder or checking signatures but those changes are too much. >> Thanks, >> Max
