RFR: 8251468: X509Certificate.get{Subject, Issuer}AlternativeNames does not throw CertificateParsingException if extension is unparseable

Weijun Wang weijun at openjdk.java.net
Mon Oct 25 23:51:13 UTC 2021


On Mon, 25 Oct 2021 20:17:17 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> That's probably a little deeper and changing it will have a mass effect. What about at the `getIssuerAlternativeNameExtension` level?
>
> Unless I am misunderstanding your comment, I don't think this is an issue in practice. The code inside the `X509CertImpl.getExtension` method only throws an Exception if invalid OIDs or attribute names are passed to the internal `get` methods of `X509CertInfo` and `CertificateExtensions`, which isn't possible when you are passing in known values/attributes. I think this is why the code swallows the exceptions and returns null, but it would be nice to have a comment explaining that.

I was asking if `getIssuerAlternativeNameExtension` can throw the exception if IAE exists but is not parseable.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6106
