RFR: 8080272 Refactor I/O stream copying to use InputStream.transferTo/readAllBytes and Files.copy [v11]

Andrey Turbanov github.com+741251+turbanoff at openjdk.java.net
Fri Feb 19 08:07:42 UTC 2021


On Thu, 18 Feb 2021 19:21:45 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Andrey Turbanov has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8080272: Refactor I/O stream copying to use java.io.InputStream.transferTo
>>   remove unnecessary file.exists() check
>
> src/java.base/share/classes/sun/security/provider/certpath/X509CertPath.java line 228:
> 
>> 226:         try {
>> 227:             if (is.markSupported() == false) {
>> 228:                 // Copy the entire input stream into an InputStream that does
> 
> I don't think you should remove lines 228-232. These methods are called by methods of CertificateFactory that take InputStream (which may contain a stream of security data) and they are designed such that they try to read one Certificate, CRL, or CertPath from the InputStream and leave the InputStream ready to parse the next structure instead of consuming all of the bytes. Thus they check if the InputStream supports mark in order to try to preserve that behavior. If mark is not supported, then it's ok to use InputStream.readAllBytes, otherwise, leave the stream as-is.

As I can see only ByteArrayInputStream is actually passed in `InputStream` in current JDK code:

    PKCS7 pkcs7 = new PKCS7(is.readAllBytes());
        private static List<X509Certificate> parsePKCS7(InputStream is)
            certs = parsePKCS7(is);
                public X509CertPath(InputStream is, String encoding)
                    return new X509CertPath(new ByteArrayInputStream(data), encoding);

    PKCS7 pkcs7 = new PKCS7(is.readAllBytes());
        private static List<X509Certificate> parsePKCS7(InputStream is)
            certs = parsePKCS7(is);
                public X509CertPath(InputStream is, String encoding)
                    this(is, PKIPATH_ENCODING);
                        public X509CertPath(InputStream is) throws CertificateException {
                            return new X509CertPath(new ByteArrayInputStream(encoding));

![изображение](https://user-images.githubusercontent.com/741251/108475587-f4f61080-72a1-11eb-91e0-ac2b98c7c490.png)

Perhaps original marking approach was lost during refactoring?

-------------

PR: https://git.openjdk.java.net/jdk/pull/1853



More information about the security-dev mailing list