RFR: 8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE

Sean Coffey coffeys at openjdk.java.net
Wed Nov 17 17:13:24 UTC 2021

On Wed, 17 Nov 2021 16:52:46 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Some elements of the PKCS9Attribute.PKCS9_OIDS array may have null value. The PKCS9Attributes.toString() and PKCS9Attributes.getAttributes() methods need to account for that.
> test/jdk/sun/security/x509/AlgorithmId/NonStandardNames.java line 67:
>> 65:         // test PKCS9Attributes.toString(), PKCS9Attributes.getAttributes()
>> 66:         System.out.println(authed);
>> 67:         authed.getAttributes();
> Looks like the old `getAttributes()` would only throw NPE if one of the attribute is of a type after `PKCS9_OIDS[10]`.

Yes - its also bounded by the "attribs.length" check. I initially thought I'd have to build an PKCS9Attributes Object consisting of 10/11+ PKCS9Attribute Objects. That didn't seem feasible since many are not supported. 

but on re-read, yes, all I need to do is stick in an OID > PKCS9_OIDS[10] - I'll update the testcase.


PR: https://git.openjdk.java.net/jdk/pull/6433

More information about the security-dev mailing list