On 03/30/2015 11:57 PM, Wang Weijun wrote:
Hi Sean
Are you OK with this?
CertificateExtensions.java
==========================
Since we don't use names as keys, CertificateExtensions is not a typical
CertAttrSet now. Remove the implements clause.
Almost every class in the x509 package is built around the CertAttrSet and they
together weave an elegant net. It will be nice if CertificateExtensions can
only use the hierarchical names as keys, but unfortunately, it has to use OID
sometimes.
My suggestion above breaks it from the CertAttrSet net. I won't dare to do this
before jdk9 because people outside might use these classes, but now it's
probably safe to do so.
Well, they may still be able to use them in JDK 9 if they go through
some extra hoops.
I think that we should proceed with care, and avoid making too many
changes to these internal APIs if we can. Although we don't want anyone
using these classes, sun.security.x509 is one of the older internal
packages, so there is somewhat of a higher risk we will break existing
code. That said, it shouldn't be a rule, since there were never any
guarantees to begin with.
So I would be slightly in favor of leaving it as is for now as long as
it isn't causing any other issues. In JDK 10, we can be more aggressive
about adapting these internal APIs as we see fit.
--Sean
Said that, CertificateExtensions is now an alien. Although its sibling
CRLExtensions has always been one.
Thanks
Max
