RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v4]

Weijun Wang weijun at openjdk.java.net
Tue Feb 15 15:20:11 UTC 2022


On Fri, 11 Feb 2022 17:13:46 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> The enhancement adds two extra items in the `getSubjectAlternativeNames()` output for an OtherName.
>> 
>> It also fix several errors:
>> 1. In `OtherName.java`, `nameValue` should be the value inside `CONTEXT [0]` without the tag and length bytes.
>> 2. The argument in constructor `extClass.getConstructor(Object.class)` is suspicious. Maybe it meant `byte[]`.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   specifies the type of the 4th element

New commit pushed with a spec change and CSR is now in draft mode. Something worth mentioning:

1. I explicitly added "valid UTF8String..." to match the `catch (IOException)` line in the implementation, so if there's anything wrong parsing the value as a string then the byte array will still be there.
2. I feel a little uneasy of the new `if` and `otherwise` words inside parenthesis, especially the second one which seems out of nowhere. Please suggest better wording if possible.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167



More information about the security-dev mailing list