On Fri, 23 Jul 2021 10:33:14 GMT, Alexey Bakhtin wrote:
> Hello,
>
> Could you please review the small patch for the issue described in
> JDK-8271199: Mutual TLS handshake fails signing client certificate with
> custom sensitive PKCS11 key
>
> I suggest updating the RSAPSSSignature.isValid()
The JDK implementation (as supplied by the "SUN" provider) of
`X509Certificate::getSubjectAlternativeNames` and
`X509Certificate::getIssuerAlternativeNames` returns `null` instead of throwing
a `CertificateParsingException` when the extension is unparseable.
This fix changes the behavior to com
On Mon, 25 Oct 2021 12:53:43 GMT, Sean Mullan wrote:
> The JDK implementation (as supplied by the "SUN" provider) of
> `X509Certificate::getSubjectAlternativeNames` and
> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
> throwing a `CertificateParsingException` when the
On Wed, 20 Oct 2021 02:08:24 GMT, Weijun Wang wrote:
> Add `KeyStore::getAttributes` so that one can get the attributes of an entry
> without retrieving the entry first. This is especially useful for a private
> key entry which can only be retrieved with a password.
src/java.base/share/classes
On Mon, 25 Oct 2021 14:20:08 GMT, Weijun Wang wrote:
> How about other `X509Certificate` methods that get info of an extension?
Good question. There are 3: `getBasicConstraints`, `getKeyUsage` and
`getExtendedKeyUsage`. The first two methods are not specified to throw an
Exception, so that see
On Mon, 25 Oct 2021 14:17:56 GMT, Weijun Wang wrote:
>> The JDK implementation (as supplied by the "SUN" provider) of
>> `X509Certificate::getSubjectAlternativeNames` and
>> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
>> throwing a `CertificateParsingException` when
On Fri, 22 Oct 2021 21:45:25 GMT, Bernd wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renames
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 325:
>
>> 323:
>> 324: // Store the current
On Fri, 22 Oct 2021 21:53:30 GMT, Bernd wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renames
>
> src/java.base/share/classes/javax/security/auth/Subject.java line 475:
>
>> 473: * call {@link #callAs}
On Fri, 22 Oct 2021 22:13:51 GMT, Bernd wrote:
>> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java
>> line 107:
>>
>>> 105: */
>>> 106: public static ServiceCreds getServiceCreds(GSSCaller caller,
>>> 107: String serverPrincipal) throws LoginExcepti
On Fri, 22 Oct 2021 22:07:50 GMT, Bernd wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renames
>
> test/jdk/javax/security/auth/Subject/DoAs.java line 44:
>
>> 42: final int index = i;
>> 43:
On Mon, 25 Oct 2021 18:24:36 GMT, Weijun Wang wrote:
>> test/jdk/sun/security/krb5/KrbCredSubKey.java line 34:
>>
>>> 32:
>>> 33: import java.io.FileOutputStream;
>>> 34: import java.util.concurrent.Callable;
>>
>> Should those tests run with both permutations of the system property?
>
> I did
On Mon, 25 Oct 2021 15:13:25 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1618:
>>
>>> 1616: }
>>> 1617: SubjectAlternativeNameExtension subjectAltNameExt =
>>> 1618: getSubjectAlternativeNameExtension();
>>
>> Does
On Mon, 25 Oct 2021 17:58:15 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/javax/security/auth/Subject.java line 325:
>>
>>> 323:
>>> 324: // Store the current subject to a ThreadLocal when a system
>>> property is set.
>>> 325: private static final boolean USE_TL = "true".equ
On Mon, 25 Oct 2021 18:08:19 GMT, Weijun Wang wrote:
>> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java
>> line 708:
>>
>>> 706: @SuppressWarnings("removal")
>>> 707: final Subject subject =
>>> 708:
On Mon, 25 Oct 2021 18:29:34 GMT, Weijun Wang wrote:
>> To clarify, do you mean this code in `getExtension(ObjectIdentifier)` that
>> swallows the exception?:
>>
>>
>> } catch (IOException ioe) {
>> return null;
>> }
>
> That's probably a little deeper and changing
On Thu, 14 Oct 2021 14:43:32 GMT, Weijun Wang wrote:
> You can create a password-less PKCS12 KeyStore file now by calling
> `ks.store(outStream, null)` no matter what the default cert protection
> algorithm and Mac algorithm are defined in `java.security`.
>
> Note: the system properties set i
On Wed, 20 Oct 2021 18:06:39 GMT, Weijun Wang wrote:
> Support Cipher operations on CNG keys.
Changes look good~
-
Marked as reviewed by valeriep (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/6049
On Mon, 25 Oct 2021 17:02:10 GMT, Sean Mullan wrote:
>> You can create a password-less PKCS12 KeyStore file now by calling
>> `ks.store(outStream, null)` no matter what the default cert protection
>> algorithm and Mac algorithm are defined in `java.security`.
>>
>> Note: the system properties
On Mon, 25 Oct 2021 17:05:58 GMT, Sean Mullan wrote:
>> You can create a password-less PKCS12 KeyStore file now by calling
>> `ks.store(outStream, null)` no matter what the default cert protection
>> algorithm and Mac algorithm are defined in `java.security`.
>>
>> Note: the system properties
On Mon, 25 Oct 2021 20:17:17 GMT, Sean Mullan wrote:
>> That's probably a little deeper and changing it will have a mass effect.
>> What about at the `getIssuerAlternativeNameExtension` level?
>
> Unless I am misunderstanding your comment, I don't think this is an issue in
> practice. The code
On Wed, 20 Oct 2021 17:54:50 GMT, Weijun Wang wrote:
> If an entry is overwritten by another one using the same alias, make sure the
> old one is removed.
Changes look good. Thanks!
-
Marked as reviewed by valeriep (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/6047
On Wed, 20 Oct 2021 17:54:50 GMT, Weijun Wang wrote:
> If an entry is overwritten by another one using the same alias, make sure the
> old one is removed.
This pull request has now been integrated.
Changeset: 43619458
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/commit/4
> Support Cipher operations on CNG keys.
Weijun Wang has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase.
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/6049/
On Wed, 20 Oct 2021 18:06:39 GMT, Weijun Wang wrote:
> Support Cipher operations on CNG keys.
The dependent pull request has now been integrated, and the target branch of
this pull request has been updated. This means that changes from the dependent
pull request can start to show up as belongi
On Wed, 20 Oct 2021 18:06:39 GMT, Weijun Wang wrote:
> Support Cipher operations on CNG keys.
This pull request has now been integrated.
Changeset: 10e1610f
Author: Weijun Wang
URL:
https://git.openjdk.java.net/jdk/commit/10e1610f7b99f42f834478528df7ecfb4320aec1
Stats: 210 lines