On Fri, 21 Feb 2025 15:05:00 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Changed shell files to be java tests: >> * ./validator/certreplace.sh >> * ./validator/samedn.sh > > test/jdk/sun/security/validator/CertReplace.java line 117: > >> 115: final String outputInt = SecurityTools.keytool(ktBaseParameters >> + >> 116: "-export -rfc >> -alias int").getOutput(); >> 117: Files.write(certPath, outputInt.getBytes(), >> StandardOpenOption.APPEND); > > There are several places that can be enhanced, mainly to reduce `keytool` > calling: > 1. There is no need to export certs for `user` and `int`. You already created > them as `user.cert` and `int.cert`. > 2. Since "certreplace.certs" starts with "user.cert", you can directly > `keytool -gencert` into this file on line 103. > 3. There is no need to import "user.cert" to alias user since we will delete > the entry anyway. > 4. Consider replacing `keytool -import` and `keytool -delete` calls using > `KeyStore` API. You can enhance `KeyStoreUtils` in `/test/lib` if worth doing. done in the next commit ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23727#discussion_r1965868298
