Re: RFR[15] 8242060: Add revocation checking to jarsigner

> > * EnableRevocation.java > > - How long does this test take - does it hang for a little while trying to > make a connection or timeout right away? If it takes a while, you could > experiment with overriding the default timeouts for CRLs and OCSP checks to > make this test finish faster. Use

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

For keysize in things like KeyPairGenerator, why are we using 255/448 (externally and internally) instead of 256/456?  From RFC 8032: section 3.2:  "An EdDSA private key is a b-bit string k" + section 5.1.5/Ed25519:  "The private key is 32 octets (256 bits, corresponding to b)

Re: [15] RFR JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration

Hmm, I took a shot at keytool/Main.java and used KnownOIDs.findMatch(...) to construct the oid. They will be included in webrev.02. Thanks, Valerie On 5/1/2020 3:29 PM, Valerie Peng wrote: These two BASE ones are simply used to get rid of the hardcoded oid string code in keytool/Main.java

Re: [15] RFR JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration

These two BASE ones are simply used to get rid of the hardcoded oid string code in keytool/Main.java. I can remove them (in webrev.02) and maybe you can update keytool/Main.java later to use the right KnownOIDs enum for oid construction? There are a few places in keytool/Main.java which can

Re: RFR[15] 8242060: Add revocation checking to jarsigner

* Main.java: 2067 Event.setReportListener(new Event.Reporter() { 2068 @Override 2069 public void handle(String t, Object... o) { 2070 System.out.println(String.format(rb.getString(t), o)); 2071

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

On 4/28/20 5:58 PM, Bradford Wetmore wrote: Hi Tony, Apologies for the delay. > I updated the webrev with some minor updates that were commented > previously. > > https://cr.openjdk.java.net/~ascarpino/8166597/webrev.01/ I've finished the APIs and a fair chunk of the implementation, but ha

Re: RFR: 8225069: Remove Comodo root certificate that is expiring in May 2020

Looks good. --Sean On 5/1/20 1:53 PM, Rajan Halade wrote: Please review this fix to remove expiring Comodo root CA “AddTrust Class 1 CA Root”. Other two, AddTrust Qualified CA Root and AddTrust External CA Root, will remain since there are code signing certificates issued from those. Webrev

RFR: 8225069: Remove Comodo root certificate that is expiring in May 2020

Please review this fix to remove expiring Comodo root CA “AddTrust Class 1 CA Root”. Other two, AddTrust Qualified CA Root and AddTrust External CA Root, will remain since there are code signing certificates issued from those. Webrev: http://cr.openjdk.java.net/~rhalade/8225069/webrev.00/

Re: RFR[15] 8242060: Add revocation checking to jarsigner

Hi, With small change added to ‘Usages.java' test, here is the updated webrev: https://cr.openjdk.java.net/~hchao/8242060/webrev.01/ Thanks, Hai-May > On Apr 30, 2020, at 4:29 PM, Hai-May Chao wrote: > > Hi, > > I’d like to request a review for: > > JBS: https://bugs.openjdk.java.net/browse

Re: [15] RFR JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration

One more thing: In KnownOIDs.java, I found these 2 lines: PKIX_KP_BASE("1.3.6.1.5.5.7.3."), PKIX_OCSP_BASE("1.3.6.1.5.5.7.48."), IMHO, they should not belong here, at least, we should remove the dot at the end and make them real OIDs. I was testing the ObjectIdentifier generation and n

Re: [15] RFR JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration

ObjectIdentifier.java - Have you thought about storing the ObjectIdentifier object somewhere? ObjectIdentifier.of() creates a new object each time and the conversion of string to byte[] might be a performance issue. We used to have a lot of ObjectIdentifier objects in Algori