On Thu, 11 Feb 2021 01:01:56 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> This change is made for compliance with RFC 5280 section 4.2.1.1 for >> Authority Key Identifier extension. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last revision: > > API used to get AKID src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1482: > 1480: byte[] signerSubjectKeyIdExt = > ((X509Certificate)signerCert).getExtensionValue( > 1481: KnownOIDs.SubjectKeyID.value()); > 1482: How about pass in the `KeyIdentifier` instead of `PublicKey akey` into the createV3Extensions method? And you can calculated with X509CertImpl impl; if (signerCert instanceof X509CertImpl) { impl = (X509CertImpl) signerCert; } else { impl = new X509CertImpl(signerCert.getEncoded()); } impl.getSubjectKeyId(); ------------- PR: https://git.openjdk.java.net/jdk/pull/2343