I only run tests on my Linux before posting the webrev. Then, in the
pre-push JPRT run, it fails on all Solaris!
Turns out that CertAndKeyGen has
public X509Key getPublicKey()
{
if (!(publicKey instanceof X509Key)) {
return null;
}
return (X509Key)publicKey;
}
So the public key, which I guess is a P11RSAPublicKey, is now null. I'll
try to find a workaround.
Thanks
Max
On 11/08/2011 11:19 AM, Xuelei Fan wrote:
Looks fine in general. Please make sure all regression tests are passed.
Thanks,
Xuelei
On 11/7/2011 7:34 PM, Weijun Wang wrote:
Description:
keytool uses CertAndKeyGen to generate a basic self-signed certificate
with no extensions. When -ext option was introduced, -genkeypair was
implemented as original -genkeypair plus -selfcert, and extensions info
was added in the -selfcert step.
This means the keystore object is modified twice in this single
operation. In the case of PKCS11 or MSCAPI, it is actually written to
the token twice. If a token can only be written once, the action will fail.
Webrev:
http://cr.openjdk.java.net/~weijun/7109096/webrev.00/
No new regression test (noreg-cleanup).
Note: NetBeans consolidates the multiple import lines in CertAndKeyGen
into one. I'm not against that.
Thanks
Max
