Enhance toString() to return structured info, for certificate and probably more

Weijun Wang weijun.wang at oracle.com
Thu Aug 25 19:22:27 PDT 2011


Well, I mentioned toString() there just to make it look absurd so that I 
can promote my alternative method. :)

As for the toDescription() method, do you know if there are other cases 
it can be useful?

Thanks
Max


On 08/26/2011 10:03 AM, Mike Duigou wrote:
>
> On Aug 25 2011, at 14:01 , Dr Andrew John Hughes wrote:
>
>> On 10:41 Thu 25 Aug     , Weijun Wang wrote:
>>> Hi All
>>>
>>> I was talking with Xuelei on how to better display certificate info.
>>> There are 3 cases we can currently think of:
>>>
>>> 1. debug output
>>> 2. keytool/jarsigner output
>>> 3. Java plugin display
>>>
>>> The 1st one is the most primitive one and can be a single string, the
>>> 2nd is also a string but have some format and needs to localized, the
>>> third is a series of Swing controls.
>>>
>>> But the contents of all 3 are the same, and hopefully can be provided in
>>> a single method. Each consumer can just display it in its own style,
>>> with no need to understand Certificate fields, OIDs, etc. It's just like
>>> XSLT transformation of XML files.
>>>
>>> So what shall I do? Let toString() outputs a long string in XML or JSON?
>>>
>>
>> I be against that.  It goes against the usual expectation of toString output
>> being (fairly) human-readable.
>
> I agree. The format of toString() should favour debugging uses rather than machine readable. Other than for primitive types it's usually a mistake if the output of toString() meant to be machine parsed. If there needs to be machine parsable text representation then that should be on some other method.
>
> Secondly, the toString output format, being for debugging doesn't need to display every byte of the data, in some cases such as a 4096 RSA key, the hash value of the key is generally more useful than emitting the whole key. No reasonable human comparing two traces would want to check 8192 hex bytes to see if two keys match. Making it easy by printing the key hash helps a lot.
>
> Mike
>



More information about the security-dev mailing list