> This enhancement simplifies and improves the performance of the Comparator > that the PKIX CertPathBuilder uses to sort candidate certificates. > > [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.1) requires > that certificates include authority and subject key identifiers to facilitate > cert path discovery. When the certificates comply with RFC 5280, the sorting > algorithm is fast and efficient. However, there may be cases where > certificates do not include the proper KIDs, for legacy or other reasons. > This enhancement targets those cases and has shown an increase in performance > of `CertPathBuilder.build` by up to 2x in tests involving certificates that > do not contain KIDs. Specific changes include: > > - Removed and simplified some of the steps in `PKIXCertComparator.compare` > method. Some of these steps were not a good representation of common > certificate hierarchies and were overly expensive to perform. > - Several methods in `X500Name` and `Builder` have been made obsolete and > thus removed. > - `X500Name` has been changed to use shared secrets instead of reflection to > access non-public members of `X500Principal`, and vice-versa. > - The `CertificateBuilder` test code has been enhanced to set reasonable > defaults for serial number and validity fields of a certificate
Sean Mullan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision: - Weijun's comments. - Merge - Fix whitespace error. Improve debugging. Change return value of distanceToCommonAncestor(). - Add more comments. Remove unnecessary import. - Fix whitespace. - Update copyrights. - Merge - Simplify and improve performance of PKIXCertComparator. - Regression test. - Use shared secrets instead of reflection. - ... and 5 more: https://git.openjdk.org/jdk/compare/fdb17ad8...20b714dd ------------- Changes: - all: https://git.openjdk.org/jdk/pull/17248/files - new: https://git.openjdk.org/jdk/pull/17248/files/7a91821b..20b714dd Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=17248&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=17248&range=02-03 Stats: 208166 lines in 4462 files changed: 72796 ins; 106611 del; 28759 mod Patch: https://git.openjdk.org/jdk/pull/17248.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/17248/head:pull/17248 PR: https://git.openjdk.org/jdk/pull/17248
