Re: RFR: 8292033: Move jdk.X509Certificate event logic to JCA layer [v5]

Wed, 09 Nov 2022 09:00:42 -0800 

On Tue, 8 Nov 2022 16:22:55 GMT, Sean Mullan <mul...@openjdk.org> wrote:

> > 
> 
> My vote would be to leave it out. `keytool` already emits warnings when weak 
> algorithms are used. It seems we both agree that few users, will likely 
> enable JFR on `keytool`. We could always add these events later, but it is 
> harder to remove them once they are in there.

I'm fine with that suggestion Sean. I've removed the event form the CertAndGen 
class. Turns out that the keytool will load the new cert via the standard 
`CertificateFactory.generateCertificate` call at a later stage anyhow! [1]

Tests modified also to capture this.

[1]

jdk.X509Certificate {
  startTime = 11:36:48.208 (2022-11-09)
  algorithm = "SHA384withRSA"
  serialNumber = "fe9b213c1345aadd"
  subject = "CN=8292033.oracle.com, OU=JPG, C=US"
  issuer = "CN=8292033.oracle.com, OU=JPG, C=US"
  keyType = "RSA"
  keyLength = 2048
  certificateId = -749360774
  validFrom = 11:36:48.000 (2022-11-09)
  validUntil = 11:36:48.000 (2023-11-09)
  eventThread = "main" (javaThreadId = 1)
  stackTrace = [
    sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 126
    java.security.cert.CertificateFactory.generateCertificate(InputStream) 
line: 356
    sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(DerInputStream) line: 
2428
    sun.security.pkcs12.PKCS12KeyStore.lambda$engineLoad$1(AlgorithmParameters, 
byte[], char[]) line: 2127
    
sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore$RetryWithZero,
 char[]) line: 257
    sun.security.pkcs12.PKCS12KeyStore.engineLoad(InputStream, char[]) line: 
2118
    sun.security.util.KeyStoreDelegator.engineLoad(InputStream, char[]) line: 
228
    java.security.KeyStore.load(InputStream, char[]) line: 1500
    java.security.KeyStore.getInstance(File, char[], 
KeyStore$LoadStoreParameter, boolean) line: 1828
    java.security.KeyStore.getInstance(File, char[]) line: 1709
    sun.security.tools.keytool.Main.doCommands(PrintStream) line: 1390
    sun.security.tools.keytool.Main.run(String[], PrintStream) line: 419
    sun.security.tools.keytool.Main.main(String[]) line: 412

-------------

PR: https://git.openjdk.org/jdk/pull/10422

Reply via email to