RFR 8072394: java.security.cert.PolicyQualifierInfo needs value-based equality

Sean Mullan sean.mullan at oracle.com
Fri Feb 20 22:23:13 UTC 2015

On 02/17/2015 09:30 AM, Florian Weimer wrote:
> On 02/16/2015 11:13 PM, Sean Mullan wrote:
>>> Based on that, PolicyQualifierInfo should have implemented value-based
>>> equals() and hashCode(), and the identity-based set is just a bug.  (But
>>> the requirement I cited is a stronger requirement the Set would not
>>> enforce.)
>>> However, I think it's too late to fix this bug now.  That's why I just
>>> added the identity counter.  If you want the behavioral change instead,
>>> I can implement that as well.
>> Maybe it's not too late. This is not a commonly used class, and the
>> compatibility risk is probably fairly low. If you code up the changes, I
>> can file a CCC on your behalf.
> Updated webrev: <http://cr.openjdk.java.net/~fweimer/8072394/webrev.01/>

You need to add a description for the overridden equals/hashCode 
methods, ex:

  * Compares the specified object with this PolicyQualifierInfo for
  * equality.
  * Returns true, if and only if the specified object is also a
  * PolicyQualifierInfo and the encoded bytes are the same.
  * @return true, if the specified object is equal to this
  *    PolicyQualifierInfo, false otherwise
public boolean equals(Object o) {

  * Returns the hashcode for this PolicyQualifierInfo. The hash code
  * is the result of Arrays.hashcode on the encoded bytes of the
  * PolicyQualifierInfo.
  * @return the hashcode for this PolicyQualifierInfo
public int hashCode() {


> I sneaked in a memory model fix to make the class really immutable, and
> simplified the constructor a bit (mEncoded is already a copy, there is
> no need for further copying).
> There's also a new tested, mostly copied from the existing
> GetPolicyQualifiers test.  (I didn't want to edit the existing test be
> cause that sometimes causes trouble.)  The DER values were generated by
> pyasn1 and verified using Peter Gutmann's dumpasn1.
> I couldn't find any other tests for PolicyQualifierInfo, but you may
> have closed tests that need adjusting.

More information about the security-dev mailing list