[9] RFR: 7145757: CertificateExtensions uses non-consistent key names
Wang Weijun
weijun.wang at oracle.com
Tue Mar 31 03:40:23 UTC 2015
CRLExtensions.java
==================
116 Class<?> extClass = ExtensionsMap.getClass(ext.getExtensionId());
117 if (extClass == null) { // Unsupported extension
118 if (ext.isCritical())
119 unsupportedCritExt = true;
120 if (map.put(ext.getId(), ext) != null)
121 throw new CRLException("Duplicate extensions not allowed");
122 return;
123 }
124 Constructor<?> cons = extClass.getConstructor(PARAMS);
125 Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
126 ext.getExtensionValue()};
127 CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed);
128 if (map.put(ext.getId(), (Extension)crlExt) != null) {
129 throw new CRLException("Duplicate extensions not allowed");
130 }
I see no reason to convert cons.newInstance(passed) first to one type then another. Also, the 2 throw statements can be combined to one.
195 public void set(String oid, Object obj) {
196 map.put(oid, (Extension) obj);
197 }
How about simply set(Object obj) or set(Extension ext)? You can always find oid from ext.getId(). This prevents unnoticed codes still using the name as keys.
I'd like to add a comment to the map field, something like
For known extensions listed in ExtensionMap, the value must be of a child type of Extension (defined in ExtensionMap).
This is quite critical for the getExtension() methods in X509CRLImpl to work correctly.
CertificateExtensions.java
==========================
Same as above, but in the comment of map, there is an extra case
Known extensions which is unparseable and not critical will be stored in an unparseableExtensions map.
Since we don't use names as keys, CertificateExtensions is not a typical CertAttrSet now. Remove the implements clause.
OtherName.java
==============
ExtensionMap will not support OtherName anymore. getGNI() should always return null. File a new RFE on how to implement OtherName in post-jdk9 era.
certAttributes.html
===================
229 Extensions can be added by implementing the
230 <code>sun.security.x509.CertAttrSet</code> interface and
231 subclassing <code>sun.security.x509.Extension</code> class.
232 Register the new extension using the ExtensionsMap class.
After jdk9, these interface/class will not be available outside jdk. File an enhancement on how to do this later.
ExtensionsMap.java
==================
195 public static void addAttribute(String name, String oid, Class<?> clazz)
196 throws CertificateException {
After jdk9, this method will not be available outside jdk. Mention this in the enhancement filed above.
Thanks
Max
> On Mar 28, 2015, at 22:45, Wang Weijun <weijun.wang at oracle.com> wrote:
>
>>
>> On Mar 28, 2015, at 05:19, Jason Uh <jason.uh at oracle.com> wrote:
>>
>>
>>
>> On 03/27/2015 03:53 AM, Wang Weijun wrote:
>>>
>>>> On Mar 27, 2015, at 06:37, Jason Uh <jason.uh at oracle.com> wrote:
>>>>
>>>> Please review this revision:
>>>> http://cr.openjdk.java.net/~juh/7145757/01/
>>>>
>>>> * a global nameCache is maintained in OIDMap as suggested
>>>
>>> Can you just use the existing OIDMap.getId() method? It looks like your getCachedOid(name) is the same as getId("x509.info.extensions." + name).
>>>
>>> In fact, since the OIDMap only contains mapping of extensions, I'd suggest renaming it to ExtensionMap and change the name inside to short names (without the "x509.info.extensions." prefix).
>>
>> OK, thanks for that suggestion. I thought there was some significance to using the "full" name in OIDMap,
>
> I think it was designed to be more powerful (see how OtherName uses it) but unfortunately it hasn't been so. Now that with jdk9/module it is no more accessible from outside the JDK, we can simplify it.
>
>> but if that's not necessary, it makes things more flexible. Here is the latest revision that uses only the existing OIDMap (now called ExtensionsMap).
>>
>> http://cr.openjdk.java.net/~juh/7145757/02/
>
> Will read it.
>
> Thanks
> Max
>
>>
>> Thanks,
>> Jason
>>
>>> --Max
More information about the security-dev
mailing list