RFR: 8277976: Break up SEQUENCE in X509Certiticate#getSubjectAlternativeNames() in otherName

Weijun Wang weijun at openjdk.java.net
Thu Feb 10 15:55:06 UTC 2022


On Thu, 10 Feb 2022 13:45:16 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Looks good, but I think a CSR should also be filed.

Sure, I'll write one now. I've added the `csr` label so that I will not forget about it. Just want to delay the writing after we agree on the text.

> src/java.base/share/classes/java/security/cert/X509Certificate.java line 590:
> 
>> 588:      * integers separated by periods. Directory names (distinguished names)
>> 589:      * are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt">
>> 590:      * RFC 2253</a> string format. Othernames are returned as a byte array
> 
> Maybe "otherNames" since that is what we call it below.

OK.

> test/jdk/sun/security/x509/OtherName/Parse.java line 54:
> 
>> 52: public class Parse {
>> 53: 
>> 54:     public static class MyDNSName extends DNSName {
> 
> What's the purpose of the MyDNSName class? You don't seem to do anything with it later in the test.

It's a kind of otherName (the assigned OID is 1.2.3.6) I used later. The `OtherName` class tries to parse the name inside (see the private `getGNI()` method) and it is used in `equals()`. I just want to confirm it works.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167



More information about the security-dev mailing list