RFR: 8277976: Break up SEQUENCE in X509Certiticate#getSubjectAlternativeNames() in otherName

Sean Mullan mullan at openjdk.java.net
Thu Feb 10 13:48:05 UTC 2022


On Thu, 20 Jan 2022 19:42:22 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> The enhancement adds two extra items in the `getSubjectAlternativeNames()` output for an OtherName.
> 
> It also fix several errors:
> 1. In `OtherName.java`, `nameValue` should be the value inside `CONTEXT [0]` without the tag and length bytes.
> 2. The argument in constructor `extClass.getConstructor(Object.class)` is suspicious. Maybe it meant `byte[]`.

Looks good, but I think a CSR should also be filed.

src/java.base/share/classes/java/security/cert/X509Certificate.java line 590:

> 588:      * integers separated by periods. Directory names (distinguished names)
> 589:      * are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt">
> 590:      * RFC 2253</a> string format. Othernames are returned as a byte array

Maybe "otherNames" since that is what we call it below.

test/jdk/sun/security/x509/OtherName/Parse.java line 54:

> 52: public class Parse {
> 53: 
> 54:     public static class MyDNSName extends DNSName {

What's the purpose of the MyDNSName class? You don't seem to do anything with it later in the test.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167



More information about the security-dev mailing list