> On Dec 17, 2015, at 3:26 PM, Mandy Chung wrote:
>
> Hi Max,
>
> Very high level comments:
> - Builder::selfSign and Builder::sign are the two methods building the
> X509Certificate.
>
> Both @throws java.lang.IllegalStateException - if the builder is initialized
> with one of the asCA meth
Hi Max,
Very high level comments:
- Builder::selfSign and Builder::sign are the two methods building the
X509Certificate.
Both @throws java.lang.IllegalStateException - if the builder is initialized
with one of the asCA methods
It reads to me that there is no other method to generate a certif
Hi All
Here is an updated webrev
http://cr.openjdk.java.net/~weijun/8058778/webrev.05/
Spec change is at
http://cr.openjdk.java.net/~weijun/8058778/webrev.05/specdiff/java/security/cert/package-summary.html
These changes are made:
1. The Builder is moved into java.security.cert.X509Certi
On 12/03/2015 09:07 PM, Wang Weijun wrote:
Or if this is too much, we can at least do the X509Extension part. If
CertificateRequest is needed one day, we can create a new method
Builder.certificateRequest() that returns it and deprecate the
current request() method.
Or use certificateRequest() t
> On Dec 6, 2015, at 4:43 AM, Mike StJohns wrote:
>
> Hi Max -
>
> This comes under the heading of meta issues. There are at least two forms of
> certificate request - PKCS10 (RFC2986) and CRMF (RFC4211). There may be
> others (not sure that SCEP is a request per se vs a protocol).
I can c
Hi Max -
This comes under the heading of meta issues. There are at least two
forms of certificate request - PKCS10 (RFC2986) and CRMF (RFC4211).
There may be others (not sure that SCEP is a request per se vs a protocol).
Both generate requests for X509 certificates so you can't differentiat
Or if this is too much, we can at least do the X509Extension part. If
CertificateRequest is needed one day, we can create a new method
Builder.certificateRequest() that returns it and deprecate the current
request() method.
Or use certificateRequest() to return byte[] and save request() for the
+1 :)
On Thu, Dec 3, 2015 at 3:31 AM, Wang Weijun wrote:
> I tried.
>
> It's quite easy to move the new X509CertificateBuilder class into
> java.security.cert.X509Certificate as an inner class, but I still want to
> make Extension and CertificateRequest better.
>
> Extension
> -
>
> Turn
I tried.
It's quite easy to move the new X509CertificateBuilder class into
java.security.cert.X509Certificate as an inner class, but I still want to make
Extension and CertificateRequest better.
Extension
-
Turns out java.security.cert.Extension is already defined for X.509, and there
Applications that depend on such APIs are currently jumping through hoops
to provide the same functionality on multiple JVMs.
We have some nasty reflection based code in order to deal with build-time
dependencies.
It really should be formalized and made part of the SE API.
It will be great that I
> On Dec 3, 2015, at 4:11 AM, larry mccay wrote:
>
> Hi Max -
>
> Happy to see this enhancement - it would be great if it made its way into SE
> and other JVM implementations as a result!
I replied to Mandy's mail.
>
> If not, what would the added dependency be for consuming applications?
> On Dec 3, 2015, at 2:38 AM, Mandy Chung wrote:
>
> Hi Max,
>
> Is there any reason why this X509CertificateBuilder can’t be Java SE API?
Well, not much.
When we first design the new API, it was meant to be a quick alternative to
sun.security.tools.keytool.Main since that class will be in
Hi Max -
Happy to see this enhancement - it would be great if it made its way into
SE and other JVM implementations as a result!
If not, what would the added dependency be for consuming applications?
thanks,
--larry
On Wed, Dec 2, 2015 at 1:38 PM, Mandy Chung wrote:
> Hi Max,
>
> Is there an
Hi Max,
Is there any reason why this X509CertificateBuilder can’t be Java SE API? Have
you considered defining this builder API in
java.security.cert.X509Certificate.Builder?
Mandy
> On Dec 2, 2015, at 6:36 AM, Wang Weijun wrote:
>
> Hi All
>
> This enhancement creates a new jdk.security.c
Hi All
This enhancement creates a new jdk.security.cert.X509CertificateBuilder API
that does what keytool -genkeypair/-certreq/-gencert can do.
code changes:
http://cr.openjdk.java.net/~weijun/8058778/webrev.04
http://cr.openjdk.java.net/~weijun/8058778/dev/webrev.01/
spec:
http://cr.o
15 matches
Mail list logo
