JDK 8 Code Review Request: 6500133/6931888: CertificateParsingException for CDP
Sean Mullan
sean.mullan at oracle.com
Fri Aug 17 17:54:58 UTC 2012
Looks good. I'll push the changeset for you.
--Sean
On 08/15/2012 07:37 PM, Jason Uh wrote:
> Thanks, Sean.
>
> New webrev updated with your suggestions:
> http://cr.openjdk.java.net/~juh/6500133/webrev.01/
>
> Jason
>
> On 08/15/2012 10:38 AM, Sean Mullan wrote:
>> This looks good to me. Couple of comments:
>>
>> 111: Can you add a comment, something like "Try parsing the URI again
>> after encoding/escaping any illegal characters".
>>
>> 113-4: When this code was written there probably wasn't yet an
>> IOException(String, Throwable) ctor. Now there is, so you can change
>> this to:
>>
>> throw new IOException("invalid URI name:" + name, use2);
>>
>> There are also a couple other places in URIName where you can replace
>> the same code using initCause with the IOExc ctor above. That's a
>> low-risk refactoring you can include in this change.
>>
>> --Sean
>>
>> On 08/14/2012 11:51 PM, Jason Uh wrote:
>>> Hi all,
>>>
>>> This change fixes --
>>> 6500133: CertificateParsingException for CRL Distribution Point with
>>> blank; and
>>> 6931888: Inconsistent behavior for invalid URI name in cert file
>>>
>>> CRs:
>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6500133
>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6931888
>>>
>>> They are effectively duplicates, both regarding an exception thrown when
>>> parsing CRL Distribution Point URIs with invalid characters, like a
>>> space or backslash. This change uses
>>> sun.net.www.ParseUtil.encodePath(String) to re-encode bad URIs.
>>>
>>> Webrev: http://cr.openjdk.java.net/~juh/6500133/webrev.00/
>>>
>>> Thanks,
>>> Jason
>>
More information about the security-dev
mailing list