On Fri, 4 Nov 2022 15:58:01 GMT, Sean Coffey <coff...@openjdk.org> wrote:

>> By moving the JFR event up to the java.security.cert.CertificateFactory 
>> class, we can record all generate cert events, including those from 3rd 
>> party providers. I've also altered the logic so that an event is generated 
>> for every generate cert call (not just ones missing from the JDK provider 
>> implementation cache)
>> 
>> test case also updated to capture new logic
>
> Sean Coffey has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Further code review comments and new keytool test coverage with JFR

I'd agree with your thoughts. While it may not be a threat level, it's still a 
useful information point, especially in environments where hard coded values 
might get embedded in some type of key generation tool. Not many might be 
interested but there's an option there now with JFR to view this data at least. 
I don't think many will configure keytool to run with JFR.

Happy to revert the keytool change but I don't see it being too invasive in 
code changes.

-------------

PR: https://git.openjdk.org/jdk/pull/10422
