On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>
On Fri, 12 May 2023 17:50:22 GMT, Hai-May Chao wrote:
> Changes look good to me. Nice to add the cert chain (i.e. root/ca1/pk1) to
> the test case. The raw file `temp.ks` is shown in the webrev (to be created
> by the test), so will not be part of the integration, right?
temp,ks will be part o
On Fri, 12 May 2023 02:23:17 GMT, Valerie Peng wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks,
> Valerie
Valerie Peng has updated the pull request
On Fri, 5 May 2023 22:59:06 GMT, Weijun Wang wrote:
>> Hmm, I think the rest of chain should still be checked and removed if no
>> dependents for them.
>
> Of course, I was only talking about the final return value.
>
> And, I take back my words. This method should return true no matter what
>
On Fri, 5 May 2023 21:39:13 GMT, Valerie Peng wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
>> line 2031:
>>
>>> 2029: cert.getSubjectX500Principal() + "]");
>>> 2030: }
>>> 2031: } else {
>>
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks
On Fri, 5 May 2023 20:20:44 GMT, Weijun Wang wrote:
> > Or, do you know if there are JDK test utilities which support this?
>
> Just `SecurityTools.keytool`.
I can give it a try. But if it turns out taking much longer (time and code),
then I'd prefer just to go with PEM data files as I don't s
On Fri, 5 May 2023 16:46:16 GMT, Weijun Wang wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>>
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks
On Fri, 5 May 2023 19:43:31 GMT, Valerie Peng wrote:
>> test/jdk/sun/security/pkcs11/KeyStore/CertChainRemoval.java line 176:
>>
>>> 174:
>>> 175: // should only have "pk1" now
>>> 176: checkEntry(ks, "pk1", pk1Chain);
>>
>> When the kesytore should only have "pk1” now, how wou
On Fri, 5 May 2023 20:07:18 GMT, Valerie Peng wrote:
> Or, do you know if there are JDK test utilities which support this?
Just `SecurityTools.keytool`.
-
PR Comment: https://git.openjdk.org/jdk/pull/13743#issuecomment-1536736209
On Fri, 5 May 2023 16:43:03 GMT, Weijun Wang wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>>
On Fri, 5 May 2023 16:57:56 GMT, Weijun Wang wrote:
> Is it possible to generate the keys and certs on the fly?
Possible. For testing things not related to generation, using existing
key/certs simplifies the setup and can be reused easily. Or, do you know if
there are JDK test utilities which
On Tue, 2 May 2023 22:42:13 GMT, Hai-May Chao wrote:
>> Could someone help review this PKCS11KeyStore fix regarding the cert chain
>> removal?
>>
>> The proposed fix will not remove the cert if it has a corresponding private
>> key or is an issuer of other entities in the same keystore.
>>
>>
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks
On Mon, 1 May 2023 19:49:05 GMT, Valerie Peng wrote:
> Could someone help review this PKCS11KeyStore fix regarding the cert chain
> removal?
>
> The proposed fix will not remove the cert if it has a corresponding private
> key or is an issuer of other entities in the same keystore.
>
> Thanks
Could someone help review this PKCS11KeyStore fix regarding the cert chain
removal?
The proposed fix will not remove the cert if it has a corresponding private key
or is an issuer of other entities in the same keystore.
Thanks,
Valerie
-
Commit messages:
- JDK-8301154: SunPKCS11
21 matches
Mail list logo
