On Tue, 15 Nov 2022 00:35:31 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Instead if creating an "unsigned" `X509CertImpl` with only an `X509CertInfo`
> inside, a new static method `signNew` is introduced to create a newly signed
> certificate from an `X509CertInfo` object and a `PrivateKey`. Thus make sure
> an `X509CertImpl` is always signed and there is no read to keep its
> `readOnly` flag.
>
> The same for `X509CRLImpl`. A new inner class `TBSCertList` is added which is
> equivalent to `X509CertInfo` inside `X509CertImpl`.
src/java.base/share/classes/sun/security/x509/X509CRLImpl.java line 365:
> 363: */
> 364: public X509CRLImpl(TBSCertList info, AlgorithmId sigAlgId, byte[]
> signature,
> 365: byte[] tbsCertList, byte[] signedCRL) {
In fact, all arguments must be non null. Only the last one is checked to
emphasize that the encoding must be provided. This constructor is also used in
tests to create fake CRLs where not all fields are available.
src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 122:
> 120: */
> 121: public X509CertImpl(X509CertInfo info, AlgorithmId algId, byte[]
> signature,
> 122: byte[] signedCert) {
In fact, all arguments must be non null. Only the last one is checked to
emphasize that the encoding must be provided. This constructor is also used in
tests to create fake certificates where not all fields are available.
-------------
PR: https://git.openjdk.org/jdk/pull/11151
