Re: RFR: 8325766: Review seclibs tests for cert expiry [v4]

[Artur Barashev]

On Fri, 18 Apr 2025 14:58:41 GMT, Matthew Donovan <mdono...@openjdk.org> wrote:

>> This PR updates the CertificateBuilder with a new method that creates a new 
>> instance with common fields (subject name, public key, serial number, 
>> validity, and key uses) filled-in. One test, IPIdentities.java, is updated 
>> to show how the method can be used to create various certificates. I 
>> attached screenshots that compare the old hard-coded certificates (left) 
>> with the new generated certificates.
>> 
>> ![trusted-cert](https://github.com/user-attachments/assets/4bfaca10-74f3-4d24-9796-288358ae00e1)
>> ![server-cert](https://github.com/user-attachments/assets/51ce8ed2-0784-44ab-96a1-9d0a2ea66aaa)
>> ![client-cert](https://github.com/user-attachments/assets/5090a71e-ef7a-4303-ae1a-78f89878d1c0)
>
> Matthew Donovan has updated the pull request with a new target base due to a 
> merge or a rebase. The pull request now contains 10 commits:
> 
>  - expanded wildcard imports
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - reversed order of DN strings when making certificates.
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - changed boolean array initialization
>  - 8325766: Review seclibs tests for cert expiry

test/lib/jdk/test/lib/security/CertificateBuilder.java line 139:

> 137:      */
> 138:     public static SubjectAlternativeNameExtension 
> createDNSSubjectAltNameExt(
> 139:             boolean critical, String dnsName) throws IOException {

Any particular reason for having this method? We already have 
`addSubjectAltNameDNSExt` method below.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2050785449