Instead if creating an "unsigned" `X509CertImpl` with only an `X509CertInfo` inside, a new static method `signNew` is introduced to create a newly signed certificate from an `X509CertInfo` object and a `PrivateKey`. Thus make sure an `X509CertImpl` is always signed and there is no read to keep its `readOnly` flag.
The same for `X509CRLImpl`. A new inner class `TBSCertList` is added which is equivalent to `X509CertInfo` inside `X509CertImpl`. ------------- Commit messages: - remove trailing space - the fix Changes: https://git.openjdk.org/jdk/pull/11151/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11151&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8296901 Stats: 708 lines in 11 files changed: 294 ins; 313 del; 101 mod Patch: https://git.openjdk.org/jdk/pull/11151.diff Fetch: git fetch https://git.openjdk.org/jdk pull/11151/head:pull/11151 PR: https://git.openjdk.org/jdk/pull/11151