On Tue, 11 May 2021 04:22:49 GMT, Xue-Lei Andrew Fan wrote:
> Hi,
>
> May I have the following test code reviewed?
>
> The test SSLEngineExplorerMatchedSNI.java fails intermittently. I tried to
> run the test 500 times, but cannot reproduce the issue. The cause is unknown
> to me now. It
Please review the fix to address keytool -importkeystore failure when importing
to a password-less PKCS12 keystore.
-
Commit messages:
- 8266400: importkeystore fails to a password less pkcs12 keystore
Changes: https://git.openjdk.java.net/jdk/pull/4119/files
Webrev:
On Thu, 6 May 2021 16:49:33 GMT, Hai-May Chao wrote:
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.
This pull request has now been integrated.
Changeset: 995e9560
Author: Hai-Ma
On Fri, 7 May 2021 14:10:14 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Test with new java.security file
>
> Marked as reviewed by weijun (Reviewer).
On Thu, 6 May 2021 18:08:40 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Test with new java.security file
>
> test/jdk/sun/security/tools/jarsigner/CheckSignerCe
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Test with new java.se
On Wed, 19 May 2021 19:01:21 GMT, Hai-May Chao wrote:
> Please review the fix to address keytool -importkeystore failure when
> importing to a password-less PKCS12 keystore.
This pull request has now been integrated.
Changeset: f2d880c1
Author: Hai-May Chao
URL:
On Thu, 29 Apr 2021 17:51:17 GMT, Weijun Wang wrote:
>> It's awkward that for a password-less pkcs12 keystore, `keytool -list` does
>> not prompt for a password but `keytool -list -storetype pkcs12` does.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit
> This change is made for compliance with RFC 5280 section 4.2.1.1 for
> Authority Key Identifier extension.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Test case added and not overriding -ext fix
-
C
On Wed, 10 Feb 2021 22:41:26 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Test case added and not overriding -ext fix
>
> test/jdk/sun/security/tools/keyt
On Wed, 10 Feb 2021 23:25:45 GMT, Weijun Wang wrote:
>> The current method serves the need to verify the accuracy of the AKID for
>> this PR, and it looks straightforward to perceive I think. The API such as
>> cert.getExtensionValue(KnownOIDs.AuthorityKeyID.value()), and new DerValue
>> to
> This change is made for compliance with RFC 5280 section 4.2.1.1 for
> Authority Key Identifier extension.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
API used to get AKID
-
Changes:
- all:
This change is made for compliance with RFC 5280 section 4.2.1.1 for Authority
Key Identifier extension.
-
Commit messages:
- 8257497: Key identifier compliance issue
Changes: https://git.openjdk.java.net/jdk/pull/2343/files
Webrev:
Please review the changes that adds the -signer option to keytool -genkeypair
command. As key agreement algorithms do not have a signing algorithm, the
specified signer's private key will be used to sign and generate a key
agreement certificate.
CSR review is at:
On Wed, 31 Mar 2021 13:36:39 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated with review comments
>
> Some comments on the CSR:
> 1. In the "Solutio
ew is at: https://bugs.openjdk.java.net/browse/JDK-8264325
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Updated with review comments
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3281/files
- new: https://git.openjdk.ja
ew is at: https://bugs.openjdk.java.net/browse/JDK-8264325
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
update with review comments
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3281/files
- new: https://git.openjdk.ja
On Thu, 1 Apr 2021 17:04:33 GMT, Weijun Wang wrote:
>> As `RecoveryKey()` will make sure if the entry exists in the keystore and is
>> a `PrivateKeyEntry`, removed this checking and updated to check for if
>> `signerCert` is null.
>
> Yes, it must be a private key entry. On the other hand, I
ew is at: https://bugs.openjdk.java.net/browse/JDK-8264325
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Updated with review comments
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3281/files
- new: https://git.openjdk.ja
On Thu, 1 Apr 2021 16:53:31 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool
On Thu, 1 Apr 2021 16:49:19 GMT, Weijun Wang wrote:
>> Not sure the reason why a change is needed for the existing logic.
>
> With a signer, it makes no sense to create a single-cert array at the
> beginning. I am suggesting:
> X509Certificate newCert = keypair.getSelfCertificate(...);
>
On Thu, 1 Apr 2021 21:27:52 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool/
On Mon, 22 Mar 2021 10:45:34 GMT, Sibabrata Sahoo wrote:
> The Test getting timeout intermittently because the SO_TIMEOUT of 5 seconds
> set on sslServerSocket. This time interval could be inadequate when the
> machine is too busy. Also it looks setting SO_TIMEOUT is unnecessary here. So
>
On Wed, 31 Mar 2021 06:30:01 GMT, Hai-May Chao wrote:
> Please review the changes that adds the -signer option to keytool -genkeypair
> command. As key agreement algorithms do not have a signing algorithm, the
> specified signer's private key will be used to sign and gener
On Fri, 2 Apr 2021 01:40:16 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> update with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool/M
On Fri, 2 Apr 2021 11:52:16 GMT, Weijun Wang wrote:
>>> Maybe we don't need to resolve it in this code change. If we look carefully
>>> at RFC 8410 Sections 10.1 and 10.2, it shows the X25519 certificate in 10.2
>>> is using the signer's SKID in 10.1 as its own SKID and it has no AKID.
>>>
ew is at: https://bugs.openjdk.java.net/browse/JDK-8264325
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
update with review comments
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3281/files
- new: https://git.openjdk.ja
On Thu, 8 Apr 2021 00:01:57 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> update with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool
ew is at: https://bugs.openjdk.java.net/browse/JDK-8264325
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
test update with comment
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3281/files
- new: https://git.openjdk.java.ne
On Thu, 8 Apr 2021 01:42:18 GMT, Hai-May Chao wrote:
>> test/jdk/sun/security/tools/keytool/GenKeyPairSigner.java line 299:
>>
>>> 297: System.exit(1);
>>> 298: }
>>> 299:
>>
>> Since you are here, you can check if t
ng the
> signer’s private key. This is especially useful for generating a certificate
> with a key agreement algorithm as its public key algorithm.
>
> --Sean
>
> On 4/9/21 5:12 PM, Hai-May Chao wrote:
>> Please review the release note for JDK-8264968:
>> https://bugs.openjdk.java.net/browse/JDK-8264968
>> Thanks,
>> Hai-May
On Tue, 20 Apr 2021 11:54:39 GMT, Sean Coffey wrote:
> Trivial enough change. Improved the exception thrown from JceKeyStore also.
Marked as reviewed by hchao (Committer).
-
PR: https://git.openjdk.java.net/jdk/pull/3588
Please review the release note for JDK-8264968:
https://bugs.openjdk.java.net/browse/JDK-8264968
Thanks,
Hai-May
> This change is made for compliance with RFC 5280 section 4.2.1.1 for
> Authority Key Identifier extension.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Compare keys using encoded bytes
-
Changes:
- all:
On Tue, 16 Feb 2021 18:33:52 GMT, Sean Mullan wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Reduced one param to createV3Extensions
>
> src/java.base/share/classes/sun/security/too
On Wed, 17 Feb 2021 15:55:30 GMT, Sean Mullan wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Compare keys using encoded bytes
>
> Looks good. However, I think you should change the
On Mon, 1 Feb 2021 23:06:30 GMT, Hai-May Chao wrote:
> This change is made for compliance with RFC 5280 section 4.2.1.1 for
> Authority Key Identifier extension.
This pull request has now been integrated.
Changeset: 05301f5f
Author: Hai-May Chao
URL: https://git.openjdk.java.n
On Fri, 5 Feb 2021 10:16:14 GMT, Sean Coffey wrote:
>> This change is made for compliance with RFC 5280 section 4.2.1.1 for
>> Authority Key Identifier extension.
>
> Marked as reviewed by coffeys (Reviewer).
@coffeys Thanks for the review!
-
PR:
On Fri, 12 Feb 2021 21:01:48 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Reduced one param to createV3Extensions
>
> LGTM.
Thanks for the review,
> This change is made for compliance with RFC 5280 section 4.2.1.1 for
> Authority Key Identifier extension.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Reduced one param to createV3Extensions
-
Changes:
On Fri, 12 Feb 2021 14:49:17 GMT, Weijun Wang wrote:
>> Changed as suggested.
>
> Sorry, I should have been more verbose on my suggestion. I was thinking about
> passing in **_only_** the `KeyIdentifier` and _**not**_ `akey`. After all
> both of them are for the same purpose and it's clear to
On Thu, 11 Feb 2021 19:48:23 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> API used to get AKID
>
> src/java.base/share/classes/sun/security/tools/keytool/M
> This change is made for compliance with RFC 5280 section 4.2.1.1 for
> Authority Key Identifier extension.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
passing in KeyIdentifier to createV3Extensions
-
C
It'd be useful to have a -version option for keytool and jarsigner. Many other
JDK tools already have a -version option. This is to add -version option to
keytool and jarsigner like jar command does.
-
Commit messages:
- 8272163: Add -version option to keytool and jarsigner
On Fri, 15 Oct 2021 13:34:48 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Fix -version in jarsigner and update tests
>
> src/jdk.jartool/share/classes/sun/secu
> It'd be useful to have a -version option for keytool and jarsigner. Many
> other JDK tools already have a -version option. This is to add -version
> option to keytool and jarsigner like jar command does.
>
> CSR review:
> https://bugs.openjdk.java.net/browse/JDK-8275174
On Fri, 15 Oct 2021 13:49:27 GMT, Weijun Wang wrote:
>> It'd be useful to have a -version option for keytool and jarsigner. Many
>> other JDK tools already have a -version option. This is to add -version
>> option to keytool and jarsigner like jar command does.
>>
>> CSR review:
>>
> It'd be useful to have a -version option for keytool and jarsigner. Many
> other JDK tools already have a -version option. This is to add -version
> option to keytool and jarsigner like jar command does.
>
> CSR review:
> https://bugs.openjdk.java.net/browse/JDK-8275174
On Tue, 19 Oct 2021 03:40:55 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Fix -version in jarsigner and update tests
>
> src/jdk.jartool/share/classes/sun/secu
> It'd be useful to have a -version option for keytool and jarsigner. Many
> other JDK tools already have a -version option. This is to add -version
> option to keytool and jarsigner like jar command does.
>
> CSR review:
> https://bugs.openjdk.java.net/browse/JDK-8275174
On Tue, 19 Oct 2021 13:10:15 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated comment in test
>
> Approved the PR. Thanks. I have a small comment on the CSR.
> It'd be useful to have a -version option for keytool and jarsigner. Many
> other JDK tools already have a -version option. This is to add -version
> option to keytool and jarsigner like jar command does.
>
> CSR review:
> https://bugs.openjdk.java.net/browse/JDK-8275174
On Tue, 19 Oct 2021 13:10:15 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated comment in test
>
> Approved the PR. Thanks. I have a small comment on the C
On Thu, 30 Sep 2021 15:44:32 GMT, Weijun Wang wrote:
> Extra parameters need to be set for RSASSA-PSS signatures. We already have a
> helper method for that.
>
> Some other cleanups:
> 1. When using GET for OCSP, make sure no double slash.
> 2. Several throws clauses are not necessary.
>
> No
On Wed, 6 Oct 2021 16:58:51 GMT, Sean Coffey wrote:
> Use correct manifest file name in the Manifest verifier checks.
> Also - extra null check
>
> The test doesn't reproduce the exact issue reported but should prevent future
> regressions in this area.
Looks good.
-
Marked as
On Fri, 1 Oct 2021 14:43:24 GMT, Weijun Wang wrote:
>> Extra parameters need to be set for RSASSA-PSS signatures. We already have a
>> helper method for that.
>>
>> Some other cleanups:
>> 1. When using GET for OCSP, make sure no double slash.
>> 2. Several throws clauses are not necessary.
>>
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote:
> Can someone help review this small fix? NSS returns PKCS11
> CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its
> token keys. So this fix is to add special handling for NSS token secret keys.
> There is already an
> This change does a few improvements to the output of `keytool -printcert
> -jarfile` command to help readability and diagnosis.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Updated TimestampCheck test and removed its
> This change does a few improvements to the output of `keytool -printcert
> -jarfile` command to help readability and diagnosis.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Update output per review c
On Tue, 26 Oct 2021 23:23:35 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update output per review comment
>
> src/java.base/share/classes/sun/security/too
> This change does a few improvements to the output of `keytool -printcert
> -jarfile` command to help readability and diagnosis.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Update while block code
-
C
On Thu, 28 Oct 2021 17:34:46 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update output per review comment
>
> src/java.base/share/classes/sun/security/too
On Thu, 14 Oct 2021 16:04:08 GMT, Hai-May Chao wrote:
> It'd be useful to have a -version option for keytool and jarsigner. Many
> other JDK tools already have a -version option. This is to add -version
> option to keytool and jarsigner like jar command does.
>
> CSR
This change does a few improvements to the output of `keytool -printcert
-jarfile` command to help readability and diagnosis.
-
Commit messages:
- 8257722: Improve "keytool -printcert -jarfile" output
Changes: https://git.openjdk.java.net/jdk/pull/6126/files
Webrev:
On Thu, 28 Oct 2021 21:13:40 GMT, Hai-May Chao wrote:
>> This change does a few improvements to the output of `keytool -printcert
>> -jarfile` command to help readability and diagnosis.
>
> Hai-May Chao has updated the pull request incrementally with one additional
>
> This change does a few improvements to the output of `keytool -printcert
> -jarfile` command to help readability and diagnosis.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Used LinkedHashSet
-
Changes:
On Tue, 26 Oct 2021 22:37:02 GMT, Hai-May Chao wrote:
> This change does a few improvements to the output of `keytool -printcert
> -jarfile` command to help readability and diagnosis.
This pull request has now been integrated.
Changeset: de93b1d0
Author: Hai-May Chao
URL:
`keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints`
class when performing algorithm constraints checks. This change is to enhance
`keytool` to make use of the new methods `DisabledAlgorithmConstraints.permits`
with `CertPathConstraintsParameters` and `checkKey`
When a named curve is disabled in `jdk.disabled.namedCurves` property which is
included in `jdk.jar.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms`,
`jarsigner` should display the disabled named curve as a result of its disabled
algorithm constraint checking. This clarifies why an EC
On Mon, 14 Mar 2022 17:41:28 GMT, Hai-May Chao wrote:
> When a named curve is disabled in `jdk.disabled.namedCurves` property which
> is included in `jdk.jar.disabledAlgorithms` and
> `jdk.certpath.disabledAlgorithms`, `jarsigner` should display the disabled
> named curve as a r
> clarifies why an EC key is disabled in its warning and verbose output.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Check curve in jdk.security.legacyAlgorithms, and update testcase
-
Changes:
On Tue, 15 Mar 2022 01:16:59 GMT, Weijun Wang wrote:
>> When a named curve is disabled in `jdk.disabled.namedCurves` property which
>> is included in `jdk.jar.disabledAlgorithms` and
>> `jdk.certpath.disabledAlgorithms`, `jarsigner` should display the disabled
>> named curve as a result of
On Mon, 14 Mar 2022 17:41:28 GMT, Hai-May Chao wrote:
> When a named curve is disabled in `jdk.disabled.namedCurves` property which
> is included in `jdk.jar.disabledAlgorithms` and
> `jdk.certpath.disabledAlgorithms`, `jarsigner` should display the disabled
> named curve as a r
This fixes jarsigner to enforce checking against algorithm constraint
properties so when the signature algorithms parameters use disabled or legacy
algorithms, it will emit warnings accordingly. If the algorithm used in
parameters is disabled, jarsigner treats the jar as unsigned.
On Fri, 4 Feb 2022 01:19:51 GMT, Weijun Wang wrote:
>> The option means there is no need to provide a password when loading a
>> keystore. In some places in jarsigner and keytool, even with the option
>> specified, password is still prompted for or warnings are still shown.
>
> Weijun Wang has
On Wed, 2 Mar 2022 16:20:53 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Removed unneeded import and updated -verbose output
>
> src/jdk.jartool/share/classe
signed.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Removed unneeded import and updated -verbose output
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7582/files
- new: https://git.openjdk.java.net/jdk/pul
On Wed, 2 Mar 2022 15:30:22 GMT, Sean Mullan wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Removed unneeded import and updated -verbose output
>
> src/jdk.jartool/share/classe
signed.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Removed unused string
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7582/files
- new: https://git.openjdk.java.net/jdk/pull/7582/files/516d8bf0..2a73d
signed.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Use algname in output
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7582/files
- new: https://git.openjdk.java.net/jdk/pull/7582/files/2a73d1ef..d2cd7
On Thu, 3 Mar 2022 19:35:21 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Removed unused string
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main
signed.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
No need to do toUpperCase
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7582/files
- new: https://git.openjdk.java.net/jdk/pull/7582/files/d2cd7e
On Tue, 22 Feb 2022 22:00:05 GMT, Hai-May Chao wrote:
> This fixes jarsigner to enforce checking against algorithm constraint
> properties so when the signature algorithms parameters use disabled or legacy
> algorithms, it will emit warnings accordingly. If the algorithm used in
>
signed.
Hai-May Chao has updated the pull request incrementally with two additional
commits since the last revision:
- Updated -verbose output
- Updated -verbose output
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7582/files
- new: https://git.openjdk.java.net/j
On Wed, 2 Mar 2022 19:54:13 GMT, Weijun Wang wrote:
>> What does it look like now? Also, you might need to create a mapping in
>> `Resources.java` because "using" should only be shown when system language
>> is English.
>
> Also, what if it's another algorithm using another type of parameters?
This fixes jarsigner to enforce checking against algorithm constraint
properties so when the signature algorithms parameters use disabled or legacy
algorithms, it will emit warnings accordingly. If the algorithm used in
parameters is disabled, jarsigner treats the jar as unsigned.
On Tue, 22 Feb 2022 20:18:19 GMT, Hai-May Chao wrote:
> This fixes jarsigner to enforce checking against algorithm constraint
> properties so when the signature algorithms parameters use disabled or legacy
> algorithms, it will emit warnings accordingly. If the algorithm used in
>
On Fri, 25 Mar 2022 15:34:23 GMT, Weijun Wang wrote:
> Some spec cleanup.
Marked as reviewed by hchao (Committer).
-
PR: https://git.openjdk.java.net/jdk/pull/7961
On Fri, 25 Mar 2022 05:11:18 GMT, Valerie Peng wrote:
> Max, can you please help review this fix? It updates the two jarsigner tests
> which are added to the main trunk during the code review of JDK-8267319.
>
> Mach5 run succeeds.
> Thanks,
> Valerie
Marked as reviewed by hchao (Committer).
On Fri, 4 Feb 2022 23:02:21 GMT, Xue-Lei Andrew Fan wrote:
> Please review this trivial code clean up, for a little bit better performance.
Marked as reviewed by hchao (Committer).
Looks good to me.
-
PR: https://git.openjdk.java.net/jdk/pull/7356
On Thu, 3 Feb 2022 18:32:42 GMT, Weijun Wang wrote:
>> Add the `-providerPath` option to jarsigner to be consistent with keytool.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> no need to append to null
Code change looks
On Tue, 1 Feb 2022 21:54:29 GMT, Sean Mullan wrote:
> This fixes a bootstrapping issue if a custom system class loader is set with
> the `-Djava.system.class.loader` option and the custom class loader is inside
> a signed JAR. In order to load the custom class loader, the runtime must
>
On Thu, 3 Feb 2022 18:32:42 GMT, Weijun Wang wrote:
>> Add the `-providerPath` option to jarsigner to be consistent with keytool.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> no need to append to null
Marked as reviewed
This is to fix `DomainKeyStore::engineAliases` to take into account that there
may be empty keystore(s) within the collection of keystores of a domain
keystore.
-
Commit messages:
- 8265765: DomainKeyStore may stop enumerating aliases if a constituting
KeyStore is empty
Changes:
> This is to fix `DomainKeyStore::engineAliases` to take into account that
> there may be empty keystore(s) within the collection of keystores of a domain
> keystore.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Testcas
On Tue, 8 Feb 2022 23:03:41 GMT, Weijun Wang wrote:
>> This is to fix `DomainKeyStore::engineAliases` to take into account that
>> there may be empty keystore(s) within the collection of keystores of a
>> domain keystore.
>
> Looks good to me.
>
> Do you want to play with text blocks in the
On Tue, 8 Feb 2022 17:13:53 GMT, Hai-May Chao wrote:
> This is to fix `DomainKeyStore::engineAliases` to take into account that
> there may be empty keystore(s) within the collection of keystores of a domain
> keystore.
This pull request has now been integrated.
Changeset: 178b96
; and `checkKey` parameters. For the keyusage in the EE certificate of a
> certificate chains, set the variant accordingly when calling
> `CertPathConstraintsParameters` constructor.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the las
On Thu, 13 Jan 2022 16:31:35 GMT, Sean Mullan wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool
; and `checkKey` parameters. For the keyusage in the EE certificate of a
> certificate chains, set the variant accordingly when calling
> `CertPathConstraintsParameters` constructor.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revisi
101 - 200 of 259 matches
Mail list logo