On Thu, 3 Nov 2022 17:40:53 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Sean Coffey has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 21 commits: >> >> - code clean up >> - funnel cert events via generateCertificate only >> - Revert use of x509 constructor helper in some areas. Clean up tests >> - modules fix up in test >> - Capture CertAndKeyGen certs >> - import clean up >> - Copyright year update >> - Merge branch 'master' into 8292033-x509Event >> - record events for internal constructor calls. Expand testing >> - Use X500Principal#toString() >> - ... and 11 more: https://git.openjdk.org/jdk/compare/cf5546b3...f430a3ee > > src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 289: > >> 287: public X509CertImpl(X509CertInfo certInfo) { >> 288: this.info = certInfo; >> 289: JCAUtil.tryCommitCertEvent(this); > > Why do we need to record this as an event? This is an incomplete (unsigned) > certificate. good point. this constructor is mainly used by keytool. Would it make sense if I committed the event after the cert details are signed ? ------------- PR: https://git.openjdk.org/jdk/pull/10422
