RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v5]
Weijun Wang
weijun at openjdk.java.net
Tue Feb 15 15:59:11 UTC 2022
On Tue, 15 Feb 2022 15:28:29 GMT, Michael Osipov <duke at openjdk.java.net> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> string at 4th place
>
> src/java.base/share/classes/sun/security/x509/OtherName.java line 93:
>
>> 91: oid = in.getOID();
>> 92: DerValue derValue1 = in.getDerValue();
>> 93: if (!derValue1.isContextSpecific((byte)0) || !derValue1.isConstructed()) {
>
> It might be purely a matter of taste, but isn't `!(isCSTag0 && isConst)` easier to read?
I have difficulty describing `!(a && b)`. There is no parentheses in human language and `!` has higher order than `&&`.
I thought about completely reverse the block but that means everything after the throw will be inside a block and I don't want to move so many lines.
> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1594:
>
>> 1592: String v = new DerValue(nameValue).getAsString();
>> 1593: nameEntry.add(v == null ? nameValue : v);
>> 1594: } catch (IOException ioe) {
>
> Attention, this catch block will hide invalid ASN.1 encoding of the other name element from:
> * sun.security.util.DerValue.init(boolean, InputStream, boolean)
> * sun.security.util.DerValue.getIA5String()
>
> Other blocks throw:
>
> throw new CertificateException("Unable to parse DER value of SAN:otherName", ioe);
>
>
> Do you really intend to hide an encoding error int the cert from the user?
Up to debate. Other blocks in `makeAltNames` throw `RuntimeException`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
More information about the security-dev
mailing list