On Wed, 10 Feb 2021 22:41:26 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Test case added and not overriding -ext fix
>
> test/jdk/sun/security/tools/keytool/CheckCertAKID.java line 69:
>
>> 67: .shouldContain("0000: 00 01 02 03 04 05 06 07 08 09 10
>> 11 12 13 14 15")
>> 68: .shouldContain("0010: 16 17 18 19")
>> 69: .shouldHaveExitValue(0);
>
> Or you can directly read the certificate and look at its extensions using
> some API.
The current method serves the need to verify the accuracy of the AKID for this
PR, and it looks straightforward to perceive I think. The API such as
cert.getExtensionValue(KnownOIDs.AuthorityKeyID.value()), and new DerValue to
getOctetString() could also be used.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2343
