On Thu, 11 Feb 2021 01:01:56 GMT, Hai-May Chao <[email protected]> wrote:
>> This change is made for compliance with RFC 5280 section 4.2.1.1 for
>> Authority Key Identifier extension.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> API used to get AKID
src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1482:
> 1480: byte[] signerSubjectKeyIdExt =
> ((X509Certificate)signerCert).getExtensionValue(
> 1481: KnownOIDs.SubjectKeyID.value());
> 1482:
How about pass in the `KeyIdentifier` instead of `PublicKey akey` into the
createV3Extensions method? And you can calculated with
X509CertImpl impl;
if (signerCert instanceof X509CertImpl) {
impl = (X509CertImpl) signerCert;
} else {
impl = new X509CertImpl(signerCert.getEncoded());
}
impl.getSubjectKeyId();
-------------
PR: https://git.openjdk.java.net/jdk/pull/2343
