Re: RFR 8058778: New APIs for creating certificates and certificate requests

Fri, 08 Jan 2016 12:39:07 -0800 

On 01/07/2016 10:38 PM, Wang Weijun wrote:



On Jan 8, 2016, at 6:06 AM, Sean Mullan <sean.mul...@oracle.com>
wrote:



* CertificateFactorySpi

Need more details on how inStream is parsed.


I thought a "@see CertificateFactory#generateCertificateRequest" is
enough. I do noticed that
CertificateFactorySpi#engineGenerateCertificate copies all spec from
CertificateFactory#generateCertificate.



I think if you specifically linked to that from the method description 
it would be sufficient, ex: "For details on how inStream is parsed, see 
...", but an @see on its own is more like an FYI and does not imply that 
it is part of the specification.



* X509Certificate

657      * A builder that builds X.509 v3 certificates and
certificate requests.

Why only v3? I think we need to allow this to support other
versions, if there ever are any.


IMO no one wants v1 or v2 now. Or are you thinking of a future
version?


Yes.


That said, I can add a version(Enum) method. If it's v1 or v2
extensions will be ignored, if >3, UOE.



Actually maybe just keep it simple for now and assume v3 is the default. 
We can always add this method later if necessary.




772         String getDefaultSigAlgName(PrivateKey key);

This seems like it should just be a static utility method, and not
something every subclass has to implement.


But only the provider (X509Factory here) knows about the return
values, and another provider can return different values.



Can you remind me why this needs to be a public method? Why can't this 
be an implementation detail when the caller doesn't specify a signature 
algorithm?



1064     public static class GeneralName {

This should be a standalone class, since we may leverage it in
other APIs that are not X509Certificate specific.


Honestly the current GeneralName is not quite useful. It is only used
as a *parameter* in building certificates. A real GeneralName needs
getEncoded().


If we are going to add this class, I think it should be generally useful.


Or, we can do it like

interface GeneralName { byte[] getEncoded(); }


and an enum for the type and a getType method?



class X509Certificate.Builder { GeneralName newGeneralName(int/Enum
type, String svalue); GeneralName newGeneralName(int/Enum type,
byte[] value); }


Ok.

--Sean

























					Reply via email to