8296901: Do not create unsigned certificate and CRL #11151
Conversation
|
👋 Welcome back weijun! A progress list of the required criteria for merging this PR into |
| */ | ||
| private X509CRLImpl() { } | ||
| public X509CRLImpl(TBSCertList info, AlgorithmId sigAlgId, byte[] signature, | ||
| byte[] tbsCertList, byte[] signedCRL) { |
There was a problem hiding this comment.
In fact, all arguments must be non null. Only the last one is checked to emphasize that the encoding must be provided. This constructor is also used in tests to create fake CRLs where not all fields are available.
| */ | ||
| public X509CertImpl() { } | ||
| public X509CertImpl(X509CertInfo info, AlgorithmId algId, byte[] signature, | ||
| byte[] signedCert) { |
There was a problem hiding this comment.
In fact, all arguments must be non null. Only the last one is checked to emphasize that the encoding must be provided. This constructor is also used in tests to create fake certificates where not all fields are available.
Webrevs
|
| @@ -1351,7 +1321,7 @@ private static Collection<List<?>> cloneAltNames(Collection<List<?>> altNames) { | |||
| public synchronized Collection<List<?>> getSubjectAlternativeNames() | |||
| throws CertificateParsingException { | |||
| // return cached value if we can | |||
| if (readOnly && subjectAlternativeNames != null) { | |||
| if (subjectAlternativeNames != null) { | |||
There was a problem hiding this comment.
| if (subjectAlternativeNames != null) { | |
| if (subjectAlternativeNames != null) { |
There was a problem hiding this comment.
Didn't notice that. Will fix. Thanks.
|
@wangweij This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 85 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
I just want to emphasize that a new object is created. If we can use "new" as a verb, maybe "newSigned" is better. I can revert to "sign" if you think they sound weird. |
|
Not worth spending too many cycles because it is internal code. Maybe |
|
I chose |
|
/integrate |
|
Going to push as commit ab6b7ef.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
Instead if creating an "unsigned"
X509CertImplwith only anX509CertInfoinside, a new static methodsignNewis introduced to create a newly signed certificate from anX509CertInfoobject and aPrivateKey. Thus make sure anX509CertImplis always signed and there is no read to keep itsreadOnlyflag.The same for
X509CRLImpl. A new inner classTBSCertListis added which is equivalent toX509CertInfoinsideX509CertImpl.Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/11151/head:pull/11151$ git checkout pull/11151Update a local copy of the PR:
$ git checkout pull/11151$ git pull https://git.openjdk.org/jdk pull/11151/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 11151View PR using the GUI difftool:
$ git pr show -t 11151Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/11151.diff