On Tue, 25 Oct 2022 14:56:15 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> By moving the JFR event up to the java.security.cert.CertificateFactory >> class, we can record all generate cert events, including those from 3rd >> party providers. I've also altered the logic so that an event is genertate >> for every generate cert call (not just ones missing from the JDK provider >> implementation cache) >> >> test case also updated to capture new logic > > Sean Coffey has updated the pull request incrementally with one additional > commit since the last revision: > > Use X500Principal#toString() I think this will miss cases where the certificates are part of a chain, and the application (or JDK code) is calling `CertificateFactory.generateCertPath` or `generateCertificates`, whereas the previous code would not have missed it (if not using a 3rd-party provider) as it was firing the event at a lower layer in the provider code. I think this is fixable though. In these methods, you can iterate over the certificates that are in the `Collection` or `CertPath` and log an event for each. ------------- PR: https://git.openjdk.org/jdk/pull/10422
