Integrated: 8270946: X509CertImpl.getFingerprint should not return the empty String

Sean Mullan mullan at openjdk.java.net
Tue Jul 27 13:52:37 UTC 2021


On Fri, 23 Jul 2021 17:16:26 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Please review this fix to change the internal `X509CertImpl.getFingerprint` method to not return "" as a fingerprint if there is an error generating that fingerprint. Instead, `null` is now returned, and "" is no longer cached as a valid fingerprint. Although errors generating fingerprints should be very rare, this is a cleaner way to handle them.
> 
> Also, debugging messages have been added when there is an exception. And, as a memory/performance improvement, `X509CertImpl.getFingerprint` now calls `X509CertImpl.getEncodedInternal` which avoids cloning the encoded bytes if the `Certificate` is an instance of `X509CertImpl`.

This pull request has now been integrated.

Changeset: fc80a6b4
Author:    Sean Mullan <mullan at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/fc80a6b49364594fafa0e2efc769d2f6234cfa22
Stats:     228 lines in 6 files changed: 192 ins; 12 del; 24 mod

8270946: X509CertImpl.getFingerprint should not return the empty String

Reviewed-by: weijun

-------------

PR: https://git.openjdk.java.net/jdk/pull/4891



More information about the security-dev mailing list