RFR 8058778: New APIs for creating certificates and certificate requests
David M. Lloyd
david.lloyd at redhat.com
Wed Jan 13 12:08:26 UTC 2016
On 01/12/2016 07:02 PM, Wang Weijun wrote:
> A new webrev at
>
> http://cr.openjdk.java.net/~weijun/8058778/webrev.09/
A couple of questions/comments...
> + public interface Builder
> + <S extends Certificate,T extends Builder<S,T>> {
What is the point of the "T" self-type variable? It does not seem to be
referenced. Also the type parameters are not documented in the
interface JavaDoc, or generally anywhere.
Also in places like this....
+ @Override
+ public <R extends CertificateRequest> R
engineGenerateCertificateRequest(
+ InputStream is, Class<R> type) throws CertificateException {
+ if (is == null) {
+ // clear the caches (for debugging)
+ certCache.clear();
+ X509CertificatePair.clearCache();
+ throw new CertificateException("Missing input stream");
+ }
+ try {
+ byte[] encoding = readOneBlock(is);
+ if (encoding != null) {
+ return type.cast(new PKCS10(encoding));
+ } else {
+ throw new IOException("Empty input");
+ }
+ } catch (ClassCastException e) {
+ throw new UnsupportedOperationException("Unsupported format");
+ } catch (Exception e2) {
+ throw new CertificateException(e2);
+ }
+ }
...it's using UOE for unsupported format, which doesn't seem right.
Also, it seems like you could check "type" up at the top.
The docs don't seem to specify whether the CSR block is consumed in the
event of an invalid type Class being passed in.
--
- DML
More information about the security-dev
mailing list