On Fri, 18 Apr 2025 14:58:41 GMT, Matthew Donovan <mdono...@openjdk.org> wrote:
>> This PR updates the CertificateBuilder with a new method that creates a new >> instance with common fields (subject name, public key, serial number, >> validity, and key uses) filled-in. One test, IPIdentities.java, is updated >> to show how the method can be used to create various certificates. I >> attached screenshots that compare the old hard-coded certificates (left) >> with the new generated certificates. >> >>  >>  >>  > > Matthew Donovan has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 10 commits: > > - expanded wildcard imports > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - reversed order of DN strings when making certificates. > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - changed boolean array initialization > - 8325766: Review seclibs tests for cert expiry test/lib/jdk/test/lib/security/CertificateBuilder.java line 109: > 107: */ > 108: public static CertificateBuilder newCertificateBuilder(String > subjectName, > 109: PublicKey publicKey, PublicKey caKey, > KeyUsage... keyUsages) My suggestion is to make this a regular constructor and have an additional method that sets the certificate lifetime as a `Duration` parameter, ex: `new CertificateBuilder(subject, pubKey, caPubKey, keyUsage).withValidity(Duration.ofHours(1));` ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2116514041
