Looks fine in general. Please make sure all regression tests are passed. Thanks, Xuelei
On 11/7/2011 7:34 PM, Weijun Wang wrote: > Description: > > keytool uses CertAndKeyGen to generate a basic self-signed certificate > with no extensions. When -ext option was introduced, -genkeypair was > implemented as original -genkeypair plus -selfcert, and extensions info > was added in the -selfcert step. > > This means the keystore object is modified twice in this single > operation. In the case of PKCS11 or MSCAPI, it is actually written to > the token twice. If a token can only be written once, the action will fail. > > Webrev: > > http://cr.openjdk.java.net/~weijun/7109096/webrev.00/ > > No new regression test (noreg-cleanup). > > Note: NetBeans consolidates the multiple import lines in CertAndKeyGen > into one. I'm not against that. > > Thanks > Max
