On Tue, 25 Oct 2022 14:56:15 GMT, Sean Coffey <coff...@openjdk.org> wrote:

>> By moving the JFR event up to the java.security.cert.CertificateFactory 
>> class, we can record all generate cert events, including those from 3rd 
>> party providers. I've also altered the logic so that an event is generated 
>> for every generate cert call (not just ones missing from the JDK provider 
>> implementation cache)
>> 
>> test case also updated to capture new logic
>
> Sean Coffey has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Use X500Principal#toString()

Thanks for the feedback Sean. Yes - this event should also cater for the 
internal `new X509CertImpl` type calls that are sprinkled through some of the 
security libraries.

Some look a bit suspicious perhaps? I see OCSP/CertPath type calls to
`new X509CertImpl` --- given that CertPath and CertificateFactory are viewed as two
different services at the JCA level, I wonder if they should be routing calls
back to `java.security.cert.CertificateFactory#generateCertificate` when
generating certs?

I'll study further and see if we can maximize the number of X509Certificate JFR 
events that are captured.

-------------

PR: https://git.openjdk.org/jdk/pull/10422
