On Thu, 3 Nov 2022 17:54:35 GMT, Sean Mullan <mul...@openjdk.org> wrote:

> Do you think it is that useful to have keytool record events? Ok, I guess 
> some apps could be execing keytool, but that would be in a separate process, 
> and probably wouldn't have JFR enabled. Also, these certs, if used for 
> authentication usages will eventually come back into the runtime through 
> CertificateFactory.

I figured it would be useful. keytool is an important generator of X509 certs. 
Why not give the opportunity to record them if JFR is enabled etc.? 
-J-XX:StartFlightRecording passed to keytool is sufficient to capture a 
recording.

The certs could be deployed out to any software stack I guess. Java being one 
possibility. 

I see your point about recording of constructor with X509CertInfo now. The 
keytool eventually re-loads the newly generated cert. I'll look at editing. 
(duplicate record)
jdk.X509Certificate {
  startTime = 23:16:53.687 (2022-11-03)
  algorithm = N/A
  serialNumber = "44ffbec5b6f38b64"
  subject = "CN=test.oracle.com, OU=JPG, C=US"
  issuer = "CN=test.oracle.com, OU=JPG, C=US"
  keyType = "RSA"
  keyLength = 2048
  certificateId = 0
  validFrom = 23:16:53.686 (2022-11-03)
  validUntil = 23:16:53.686 (2023-11-03)
  eventThread = "main" (javaThreadId = 1)
  stackTrace = [
    sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 129
    sun.security.x509.X509CertImpl.<init>(X509CertInfo) line: 290
    sun.security.tools.keytool.CertAndKeyGen.getSelfCertificate(X500Name, Date, long, CertificateExtensions) line: 340
    sun.security.tools.keytool.Main.doGenKeyPair(String, String, String, int, String, String, String) line: 2013
    sun.security.tools.keytool.Main.doCommands(PrintStream) line: 1180
    ...
  ]
}

jdk.X509Certificate {
  startTime = 23:16:53.901 (2022-11-03)
  algorithm = "SHA384withRSA"
  serialNumber = "44ffbec5b6f38b64"
  subject = "CN=test.oracle.com, OU=JPG, C=US"
  issuer = "CN=test.oracle.com, OU=JPG, C=US"
  keyType = "RSA"
  keyLength = 2048
  certificateId = 1683785197
  validFrom = 23:16:53.000 (2022-11-03)
  validUntil = 23:16:53.000 (2023-11-03)
  eventThread = "main" (javaThreadId = 1)
  stackTrace = [
    sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 129
    java.security.cert.CertificateFactory.generateCertificate(InputStream) line: 356
    sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(DerInputStream) line: 2428
    sun.security.pkcs12.PKCS12KeyStore.lambda$engineLoad$1(AlgorithmParameters, byte[], char[]) line: 2127
    sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore$RetryWithZero, char[]) line: 257
  ]
}

-------------

PR: https://git.openjdk.org/jdk/pull/10422
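Added example, not part of this thread or of the JDK: an in-process consumer of the jdk.X509Certificate events shown in the dump above, built on jdk.jfr.consumer.RecordingStream. It collapses the double report for one certificate (X509CertImpl constructor path plus CertificateFactory path) by serial number and flags self-signed, sub-2048-bit RSA and soon-to-expire certificates. The class name, the 30-day threshold, reading validUntil only when the running JDK's event carries it, and using the JDK's own cacerts file (password "changeit") as the event trigger are all assumptions.

```java
import java.nio.file.Path;
import java.security.KeyStore;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import jdk.jfr.consumer.RecordedEvent;
import jdk.jfr.consumer.RecordingStream;

// Hypothetical in-process consumer of jdk.X509Certificate events (not JDK code).
public class CertEventMonitor {
    // Events per serial number: one cert can surface twice (X509CertImpl(X509CertInfo) and CertificateFactory paths above).
    private static final Map<String, Integer> seen = new ConcurrentHashMap<>();
    static void handle(RecordedEvent e) {
        String serial = e.getString("serialNumber");
        if (seen.merge(serial, 1, Integer::sum) > 1) {
            return; // duplicate event for a certificate already inspected
        }
        String subject = e.getString("subject");
        String issuer = e.getString("issuer");
        String keyType = e.getString("keyType");
        int keyLength = e.getInt("keyLength");
        if (subject.equals(issuer)) {
            System.out.println("self-signed: " + subject + " serial=" + serial);
        }
        if ("RSA".equals(keyType) && keyLength < 2048) {
            System.out.println("weak RSA key (" + keyLength + " bits): " + subject);
        }
        // validUntil exists only on builds whose event carries it; read it as a JFR timestamp.
        if (e.hasField("validUntil")) {
            Instant until = e.getInstant("validUntil");
            if (until.isBefore(Instant.now().plus(Duration.ofDays(30)))) {
                System.out.println("expires within 30 days (" + until + "): " + subject);
            }
        }
    }
    public static void main(String[] args) throws Exception {
        try (RecordingStream rs = new RecordingStream()) {
            rs.enable("jdk.X509Certificate"); // off in default.jfc, so enable it explicitly
            rs.onEvent("jdk.X509Certificate", CertEventMonitor::handle);
            rs.startAsync();
            // Trigger events: loading the JDK trust store parses every root via CertificateFactory.generateCertificate.
            Path cacerts = Path.of(System.getProperty("java.home"), "lib", "security", "cacerts");
            KeyStore.getInstance(cacerts.toFile(), "changeit".toCharArray());
            rs.awaitTermination(Duration.ofSeconds(3)); // let buffered events reach onEvent
        }
        System.out.println(seen.size() + " distinct certificates observed");
    }
}
```

The same event stream is what keytool produces when started with -J-XX:StartFlightRecording, so the handler logic applies unchanged to a recording file read back with jdk.jfr.consumer.RecordingFile.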
