On Wed, 2 Nov 2022 15:42:08 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> By moving the JFR event up to the java.security.cert.CertificateFactory >> class, we can record all generate cert events, including those from 3rd >> party providers. I've also altered the logic so that an event is genertate >> for every generate cert call (not just ones missing from the JDK provider >> implementation cache) >> >> test case also updated to capture new logic > > Sean Coffey has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 21 commits: > > - code clean up > - funnel cert events via generateCertificate only > - Revert use of x509 constructor helper in some areas. Clean up tests > - modules fix up in test > - Capture CertAndKeyGen certs > - import clean up > - Copyright year update > - Merge branch 'master' into 8292033-x509Event > - record events for internal constructor calls. Expand testing > - Use X500Principal#toString() > - ... and 11 more: https://git.openjdk.org/jdk/compare/cf5546b3...f430a3ee Do you think it is that useful to have keytool record events? Ok, I guess some apps could be execing keytool, but that would be in a separate process, and probably wouldn't have JFR enabled. Also, these certs, if used for authentication usages will eventually come back into the runtime through CertificateFactory. ------------- PR: https://git.openjdk.org/jdk/pull/10422
