RFR: 8270946: X509CertImpl.getFingerprint should not return the empty String [v2]

Weijun Wang weijun at openjdk.java.net
Mon Jul 26 18:34:30 UTC 2021


On Mon, 26 Jul 2021 17:03:11 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Please review this fix to change the internal `X509CertImpl.getFingerprint` method to not return "" as a fingerprint if there is an error generating that fingerprint. Instead, `null` is now returned, and "" is no longer cached as a valid fingerprint. Although errors generating fingerprints should be very rare, this is a cleaner way to handle them.
>> 
>> Also, debugging messages have been added when there is an exception. And, as a memory/performance improvement, `X509CertImpl.getFingerprint` now calls `X509CertImpl.getEncodedInternal` which avoids cloning the encoded bytes if the `Certificate` is an instance of `X509CertImpl`.
>
> Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Refactor X509CertImpl.getFingerprint(String, Debug).
>   Treat null fingerprint as untrusted.

Marked as reviewed by weijun (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/4891



More information about the security-dev mailing list