RFR: 8246797: A convenient method to read OPTIONAL element [v2]
Valerie Peng
valeriep at openjdk.java.net
Thu Aug 26 01:15:27 UTC 2021
On Tue, 24 Aug 2021 18:05:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/DerInputStream.java line 352:
>>
>>> 350: * @throws IOException if an I/O error happens while peeking the byte
>>> 351: */
>>> 352: public boolean seeOptionalContextSpecific(int n) throws IOException {
>>
>> Given the two getOptionalXXXContextSpecific(int) method, do we really need this to be public? Same goes for the two checkNextTag(...) methods above.
>
> `checkNextTag()` is useful for other kinds of OPTIONAL fields. For example, `keyLength` inside
>
> ```
> PBKDF2-params ::= SEQUENCE {
>     salt CHOICE {
>         specified OCTET STRING,
>         otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
>     },
>     iterationCount INTEGER (1..MAX),
>     keyLength INTEGER (1..MAX) OPTIONAL,
>     prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
> }
> ```
> Maybe I should create a `getOptional(byte)` method?
>
> For `seeOptionalContextSpecific`, I was thinking about if I might need to read the field using another method. For example, PKCS7 `SignedData` contains a field
>
> certificates [0] IMPLICIT CertificateSet OPTIONAL
>
> After I confirm the [0] is actually there, I'll still need to call `outerStream.getSet(n, true)` to read the set. Maybe I should create a `DerValue::getSet(n)` method or expose the existing `subs()`?
>
> I'll include more examples in this PR so you can judge the design better.
Sure, that'd be good if I have more examples to understand the planned usage better.
>> src/java.base/share/classes/sun/security/util/DerValue.java line 319:
>>
>>> 317:
>>> 318: /**
>>> 319: * Wraps a byte array at a single DerValue.
>>
>> nit: at=>as
>
> I just want to give it a new name so a user knows the content is only wrapped but not cloned.
Hmm, I see. At some point, maybe we need to better document this or consolidate the APIs.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5221
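
The OPTIONAL handling discussed in this thread, as an added example that is not part of the original message or of the JDK code: a stand-alone Python DER reader that peeks at the next tag to decide whether `keyLength` and `prf` are present in `PBKDF2-params`. The class, function and constant names are hypothetical, the sample encodings are constructed, and only the `specified` salt arm and lengths up to four length bytes are handled.

```python
# Added example: a minimal stand-alone DER reader, not the JDK's DerInputStream.
HMAC_SHA1_OID = bytes.fromhex("2a864886f70d0207")  # 1.2.840.113549.2.7, the DEFAULT prf

class Der:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def peek_tag(self):
        """Next tag byte without consuming it; None at end of input."""
        return self.data[self.pos] if self.pos < len(self.data) else None

    def read(self, tag):
        """Consume one TLV that must carry `tag`; return its content bytes."""
        if self.peek_tag() != tag:
            raise ValueError(f"expected tag {tag:#04x} at offset {self.pos}")
        p = self.pos + 1
        if p >= len(self.data):
            raise ValueError("truncated length")
        n = self.data[p]
        p += 1
        if n & 0x80:                        # long-form definite length
            k = n & 0x7F
            if not 1 <= k <= 4 or p + k > len(self.data):
                raise ValueError("bad length")
            n = int.from_bytes(self.data[p:p + k], "big")
            p += k
        if p + n > len(self.data):
            raise ValueError("truncated value")
        self.pos = p + n
        return self.data[p:p + n]

def parse_pbkdf2_params(encoded):
    outer = Der(encoded)
    seq = Der(outer.read(0x30))
    salt = seq.read(0x04)                   # only the 'specified' CHOICE arm
    iterations = int.from_bytes(seq.read(0x02), "big", signed=True)
    key_length = None
    if seq.peek_tag() == 0x02:              # OPTIONAL keyLength is present
        key_length = int.from_bytes(seq.read(0x02), "big", signed=True)
    prf = HMAC_SHA1_OID                     # DEFAULT applies when prf is absent
    if seq.peek_tag() == 0x30:              # prf given explicitly
        prf = Der(seq.read(0x30)).read(0x06)
    if seq.peek_tag() is not None or outer.peek_tag() is not None:
        raise ValueError("unexpected trailing element")
    return {"salt": salt, "iterations": iterations, "key_length": key_length, "prf": prf}

# Constructed sample encodings (8-byte salt, iterationCount 2048).
SALT_ITER = "04080102030405060708" "02020800"
WITH_KEYLEN = bytes.fromhex("3011" + SALT_ITER + "020120")
WITH_PRF = bytes.fromhex("301c" + SALT_ITER + "300c06082a864886f70d02090500")
```

Because `iterationCount` and `keyLength` share the INTEGER tag, the peek only works after the mandatory field has been consumed; any element that is neither an expected optional tag nor end of input is rejected rather than skipped.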