[9] RFR: 7145757: CertificateExtensions uses non-consistent key names

Jason Uh jason.uh at oracle.com
Wed Mar 18 23:40:56 UTC 2015 

Hi Max,

On 03/18/2015 04:09 PM, Wang Weijun wrote:
> Hi Jason
>
> I was thinking about changing all set/get calls to using OID so inside CertificateExtensions and CRLExtensions you won't need to care about name conversions. Is that possible?

It might be, but it'd call for more extensive changes. Currently, when 
certificates are parsed, the extensions are added using the name, and 
when they are retrieved, they are also specified by name -- for example, 
X509CertImpl.getBasicConstraints() calls a get() method with the 
BasicConstraints alias as the lookup parameter.

It's been a while, but the last we spoke about this, I think you wanted 
to keep the changes for this contained within CertificateExtensions and 
CRLExtensions. If that's still the case, we'll have to do this name 
conversion. If not, I could try changing things outside of these classes.

> Also I see you adding some IOException throwing and catching. Is there any case you actually see them? I would think if that really happen there might be some programming error.

I added the IOExceptions mainly to keep CRLExtensions consistent with 
CertificateExtensions. I thought it was a little odd that they weren't 
being thrown, but they may not need to be there for CRLExtensions. I can 
take them out.

> --Max
>
>> On Mar 18, 2015, at 09:34, Jason Uh <jason.uh at oracle.com> wrote:
>>
>> Please review this fix, which changes the internal map in sun.security.x509.CertificateExtensions and CRLExtensions to always use the OID as the key.
>>
>> As stated in the JBS issue:
>>> The sun.security.x509.CertificateExtensions class maintains a Map<String,Extension> map field to store all the extensions it manages. The key of map uses the name (say, "BasicConstraints") of the extension, or the OID when the type of the extension is unknown.
>>
>> With this change, the map will consistently use the OID as the key.
>>
>> webrev: http://cr.openjdk.java.net/~juh/7145757/00/
>> bug: https://bugs.openjdk.java.net/browse/JDK-7145757
>>
>> Thanks,
>> Jason
>

More information about the security-dev mailing list