RFR 8058778: New APIs for creating certificates and certificate requests

David M. Lloyd david.lloyd at redhat.com
Wed Jan 13 12:08:26 UTC 2016


On 01/12/2016 07:02 PM, Wang Weijun wrote:
> A new webrev at
>
> http://cr.openjdk.java.net/~weijun/8058778/webrev.09/

A couple of questions/comments...

> +    public interface Builder
> +            <S extends Certificate,T extends Builder<S,T>> {

What is the point of the "T" self-type variable?  It does not seem to be 
referenced.  Also the type parameters are not documented in the 
interface JavaDoc, or generally anywhere.

Also in places like this....

+    @Override
+    public <R extends CertificateRequest> R 
engineGenerateCertificateRequest(
+            InputStream is, Class<R> type) throws CertificateException {
+        if (is == null) {
+            // clear the caches (for debugging)
+            certCache.clear();
+            X509CertificatePair.clearCache();
+            throw new CertificateException("Missing input stream");
+        }
+        try {
+            byte[] encoding = readOneBlock(is);
+            if (encoding != null) {
+                return type.cast(new PKCS10(encoding));
+            } else {
+                throw new IOException("Empty input");
+            }
+        } catch (ClassCastException e) {
+            throw new UnsupportedOperationException("Unsupported format");
+        } catch (Exception e2) {
+            throw new CertificateException(e2);
+        }
+    }

...it's using UOE for unsupported format, which doesn't seem right. 
Also, it seems like you could check "type" up at the top.

The docs don't seem to specify whether the CSR block is consumed in the 
event of an invalid type Class being passed in.

-- 
- DML



More information about the security-dev mailing list