RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable
Sean Mullan
mullan at openjdk.java.net
Mon Oct 25 15:10:10 UTC 2021
On Mon, 25 Oct 2021 14:20:08 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> How about other `X509Certificate` methods that get info of an extension?

Good question. There are 3: `getBasicConstraints`, `getKeyUsage` and `getExtendedKeyUsage`. The first two methods are not specified to throw an Exception, so that seems like a more significant change and I'm not sure it is worth it. Also, if they are marked critical, then an exception will be thrown when the X509Certificate is parsed.

As for `getExtendedKeyUsage`, it is specified to throw a `CertificateParsingException` but it looks like it also has the same problem as the altnames, so I will change the impl to comply with the spec.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6106