Enhance toString() to return structured info, for certificate and probably more

Dennis Gu dennis.gu at oracle.com
Wed Sep 14 15:05:23 UTC 2011


Hi Max:

In the Java plugin, we display the detailed information of a certificate in both 
the Java Control Panel and the certificate dialog box from the security warning; we 
also extract extensions from the certificate to make sure they are valid to use.

Currently we are parsing the X509Certificate object to extract all the 
detailed information of the certificate; the certificate fields we need to 
display match the IE browser certificate information.

Yes, it would be helpful to provide an API/Object for deployment code to 
retrieve that information.

Dennis

Weijun Wang wrote:

> Hi All
>
> I was talking with Xuelei on how to better display certificate info. 
> There are 3 cases we can currently think of:
>
> 1. debug output
> 2. keytool/jarsigner output
> 3. Java plugin display
>
> The 1st one is the most primitive one and can be a single string, the 
> 2nd is also a string but has some format and needs to be localized, the 
> third is a series of Swing controls.
>
> But the contents of all 3 are the same, and hopefully can be provided 
> in a single method. Each consumer can just display it in its own 
> style, with no need to understand Certificate fields, OIDs, etc. It's 
> just like XSLT transformation of XML files.
>
> So what shall I do? Let toString() output a long string in XML or JSON?
>
> Or, create a new method describe() or toDescription() that returns an 
> UnmodifiableMap (based on a LinkedHashMap to preserve order)?
>
> I prefer the latter because there is no need to parse the output, and 
> at least in the case of certificate, since a certificate contains 
> extensions, it's very easy to stuff several maps inside another one. 
> The map's keys are strings, and values can be another map or a simple 
> data object, say, primitive, string, or Date.
>
> So this needs a new interface Descriptable. It can either be:
>
>    interface sun.security.util.Descriptable;
>    sun.security.x509.X509CertImpl implements Descriptable;
>    sun.security.x509.Extension implements Descriptable;
>
> or
>
>    interface java.security.Descriptable;
>    java.security.cert.X509Certificate implements Descriptable;
>    java.security.cert.Extension implements Descriptable;
>
> or if other people find it useful, it can be inside the 
> java.util package.
>
> What are your ideas? Do you also need such a method?
>
> Thanks
> Max
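
A sketch of the map-based proposal discussed in this thread, added here as an illustration and not code from either poster or from the JDK. `describe()`, `addExtensions()` and `DescribeDemo` are hypothetical names; only public `java.security.cert.X509Certificate` accessors are used, extension values are summarized by DER length instead of being decoded, and the sample certificate is the first entry of the default JDK trust store (assumed non-empty).

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;
public class DescribeDemo {
    // Hypothetical describe(): ordered, read-only map; values are String, Date or a nested Map.
    static Map<String, Object> describe(X509Certificate c) {
        Map<String, Object> m = new LinkedHashMap<>();
        m.put("Serial number", c.getSerialNumber().toString(16));
        m.put("Signature algorithm", c.getSigAlgName());
        m.put("Issuer", c.getIssuerX500Principal().getName());
        m.put("Valid from", c.getNotBefore());
        m.put("Valid to", c.getNotAfter());
        m.put("Subject", c.getSubjectX500Principal().getName());
        Map<String, Object> exts = new LinkedHashMap<>();
        addExtensions(exts, c, c.getCriticalExtensionOIDs(), true);
        addExtensions(exts, c, c.getNonCriticalExtensionOIDs(), false);
        m.put("Extensions", Collections.unmodifiableMap(exts));
        return Collections.unmodifiableMap(m);
    }
    // One nested map per extension, keyed by OID; the critical flag stays visible to every consumer.
    static void addExtensions(Map<String, Object> exts, X509Certificate c, Set<String> oids, boolean critical) {
        if (oids == null) return; // getXxxExtensionOIDs() returns null when no extensions are present
        for (String oid : new TreeSet<>(oids)) {
            Map<String, Object> e = new LinkedHashMap<>();
            e.put("Critical", critical);
            e.put("DER length", c.getExtensionValue(oid).length);
            exts.put(oid, Collections.unmodifiableMap(e));
        }
    }
    // One consumer: indented text, as debug output or keytool might render the same map.
    @SuppressWarnings("unchecked")
    static void print(Map<String, Object> m, String indent) {
        for (Map.Entry<String, Object> en : m.entrySet()) {
            if (en.getValue() instanceof Map) {
                System.out.println(indent + en.getKey() + ":");
                print((Map<String, Object>) en.getValue(), indent + "  ");
            } else {
                System.out.println(indent + en.getKey() + ": " + en.getValue());
            }
        }
    }
    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // default JDK trust store, so the demo runs offline
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        print(describe(tm.getAcceptedIssuers()[0]), "");
    }
}
```

A Swing consumer would walk the same map to build its controls, so no caller has to parse `toString()` output to decide how to treat an extension.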


