On Wed, 2 Nov 2022 15:42:08 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> By moving the JFR event up to the java.security.cert.CertificateFactory >> class, we can record all generate cert events, including those from 3rd >> party providers. I've also altered the logic so that an event is genertate >> for every generate cert call (not just ones missing from the JDK provider >> implementation cache) >> >> test case also updated to capture new logic > > Sean Coffey has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 21 commits: > > - code clean up > - funnel cert events via generateCertificate only > - Revert use of x509 constructor helper in some areas. Clean up tests > - modules fix up in test > - Capture CertAndKeyGen certs > - import clean up > - Copyright year update > - Merge branch 'master' into 8292033-x509Event > - record events for internal constructor calls. Expand testing > - Use X500Principal#toString() > - ... and 11 more: https://git.openjdk.org/jdk/compare/cf5546b3...f430a3ee src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 289: > 287: public X509CertImpl(X509CertInfo certInfo) { > 288: this.info = certInfo; > 289: JCAUtil.tryCommitCertEvent(this); Why do we need to record this as an event? This is an incomplete (unsigned) certificate. ------------- PR: https://git.openjdk.org/jdk/pull/10422
