On Tue, 3 Jun 2025 13:11:31 GMT, Matthew Donovan <mdono...@openjdk.org> wrote:
>> This PR updates the CertificateBuilder with a new method that creates a new >> instance with common fields (subject name, public key, serial number, >> validity, and key uses) filled-in. One test, IPIdentities.java, is updated >> to show how the method can be used to create various certificates. I >> attached screenshots that compare the old hard-coded certificates (left) >> with the new generated certificates. >> >>  >>  >>  > > Matthew Donovan has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 12 commits: > > - fixed redundant setNotAfter() calls. One of them should have been > setNotBefore > - Merge branch 'master' into certbuilder > - expanded wildcard imports > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - reversed order of DN strings when making certificates. > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - Merge branch 'master' into certbuilder > - ... and 2 more: https://git.openjdk.org/jdk/compare/e490b4f0...2b5533aa test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java line 390: > 388: > 389: // create a key store > 390: KeyStore ks = KeyStore.getInstance("JKS"); I suggest changing a key store type to `PKCS12`, should be a better choice in the long run. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2164477518
