Integrated: 8286428: AlgorithmId should understand PBES2

2022-05-15 Thread Weijun Wang
On Mon, 9 May 2022 21:44:10 GMT, Weijun Wang wrote:

> `AlgorithmId.getName` is updated for PBES2 algorithm identifiers so it 
> directly returns the standard algorithm defined by Java (Ex: 
> `PBEWithHmacSHA256AndAES_256`), instead of a simple "PBES2".
> 
> Please note I specifically update the javadoc for this method to clarify that 
> this name is meant to be a name that's recognized by various `getInstance()` 
> methods. This is how we are actually using this method.
> 
> After this change, the `javax.crypto.EncryptedPrivateKeyInfo` API 
> automatically works with PBES2 encrypted data. As the spec of its 
> `getAlgName()` methods says, "Standard name is returned". This is shown by 
> the newly included regression test.
> 
> Existing security-related tests run fine.

This pull request has now been integrated.

Changeset: 357f990e
Author:    Weijun Wang
URL:       https://git.openjdk.java.net/jdk/commit/357f990e3244feaba6d8709b7ea50660220a418b
Stats:     149 lines in 3 files changed: 118 ins; 16 del; 15 mod

8286428: AlgorithmId should understand PBES2

Reviewed-by: valeriep

-

PR: https://git.openjdk.java.net/jdk/pull/8615
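
An added example (not code from this thread or from the JDK's regression test) of what the `getAlgName()` behavior described above means for code that reads PBES2-encrypted private keys: the outer AlgorithmIdentifier carries only the generic PBES2 OID, and the reader recovers the concrete algorithm name from the structure itself. It assumes a JDK that includes this change and the default SunJCE provider; the class name, the `tlv` helper and the password are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class Pbes2NameDemo {
    // Minimal DER tag-length-value encoder for bodies up to 65535 bytes.
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.writeBytes(p);
        int n = body.size();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n < 0x80) out.write(n);
        else if (n < 0x100) { out.write(0x81); out.write(n); }
        else { out.write(0x82); out.write(n >> 8); out.write(n); }
        out.writeBytes(body.toByteArray());
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        String alg = "PBEWithHmacSHA256AndAES_256";
        char[] pw = "constructed-sample-password".toCharArray(); // constructed value
        PrivateKey key = KeyPairGenerator.getInstance("EC").generateKeyPair().getPrivate();
        // Writer: encrypt the PKCS#8 bytes, then wrap them by hand so the outer
        // AlgorithmIdentifier is { id-PBES2, PBES2-params } and nothing more.
        byte[] salt = new byte[16], iv = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        Cipher enc = Cipher.getInstance(alg);
        enc.init(Cipher.ENCRYPT_MODE,
                SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(pw)),
                new PBEParameterSpec(salt, 10000, new IvParameterSpec(iv)));
        byte[] ct = enc.doFinal(key.getEncoded());
        byte[] pbes2Oid = {0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
                (byte) 0xF7, 0x0D, 0x01, 0x05, 0x0D}; // 1.2.840.113549.1.5.13
        byte[] der = tlv(0x30,
                tlv(0x30, pbes2Oid, enc.getParameters().getEncoded()), tlv(0x04, ct));
        // Reader: no hard-coded algorithm name, only what the structure reports.
        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(der);
        String name = epki.getAlgName(); // a bare "PBES2" before this change
        Cipher dec = Cipher.getInstance(name);
        dec.init(Cipher.DECRYPT_MODE,
                SecretKeyFactory.getInstance(name).generateSecret(new PBEKeySpec(pw)),
                epki.getAlgParameters());
        byte[] pkcs8 = epki.getKeySpec(dec).getEncoded();
        System.out.println(name + " round trip ok: " + Arrays.equals(pkcs8, key.getEncoded()));
    }
}
```

On a JDK without this change the reader side fails at `Cipher.getInstance(name)`, because "PBES2" alone does not name a cipher transformation.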


Integrated: 8284194: Allow empty subject fields in keytool

2022-05-15 Thread Weijun Wang
On Wed, 11 May 2022 21:55:45 GMT, Weijun Wang wrote:

> This code change allows one to enter "." at a distinguished name prompt to 
> skip a sub-component when running `keytool -genkeypair`. Several new resource 
> strings are added.
> 
> There is no detailed description in `keytool.html`, so I think there's no 
> need to update it.
> 
> I'll file a CSR to describe the behavior change.
> 
> Here is an example after this change:
> 
> $ keytool -genkeypair -keystore ks -storepass changeit -alias b -keyalg EC
> Enter the distinguished name. Provide a single dot (.) to leave a 
> sub-component empty or press ENTER to use the default value in braces.
> What is your first and last name?
>   [Unknown]:  .
> What is the name of your organizational unit?
>   [Unknown]:  .
> What is the name of your organization?
>   [Unknown]:  .
> What is the name of your City or Locality?
>   [Unknown]:  .
> What is the name of your State or Province?
>   [Unknown]:  .
> What is the two-letter country code for this unit?
>   [Unknown]:  .
> At least one field must be provided. Enter again.
> Enter the distinguished name. Provide a single dot (.) to leave a 
> sub-component empty or press ENTER to use the default value in braces.
> What is your first and last name?
>   []:  Duke
> What is the name of your organizational unit?
>   []:
> What is the name of your organization?
>   []:
> What is the name of your City or Locality?
>   []:
> What is the name of your State or Province?
>   []:
> What is the two-letter country code for this unit?
>   []:
> Is CN=Duke correct?
>   [no]:  yes
> 
> Generating 384 bit EC (secp384r1) key pair and self-signed certificate 
> (SHA384withECDSA) with a validity of 90 days
>   for: CN=Duke
> 
> In the first round, "." is entered for all fields and keytool rejected it. In 
> the second round, CN is entered but the others are unchanged (just type 
> enter, because they are already entered previously). At the end, the name is 
> "CN=Duke".

This pull request has now been integrated.

Changeset: f4f1dddf
Author:    Weijun Wang
URL:       https://git.openjdk.java.net/jdk/commit/f4f1dddfef6ed3206763bb0e441aebd06a23d6fe
Stats:     128 lines in 4 files changed: 91 ins; 3 del; 34 mod

8284194: Allow empty subject fields in keytool

Reviewed-by: jnimeh, hchao

-

PR: https://git.openjdk.java.net/jdk/pull/8667