RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v5]

Weijun Wang weijun at openjdk.java.net
Tue Feb 15 15:59:12 UTC 2022


On Tue, 15 Feb 2022 15:46:10 GMT, Michael Osipov <duke at openjdk.java.net> wrote:

>> I have difficulty describing `!(a && b)`. There are no parentheses in human language and `!` has higher order than `&&`.
>> 
>> I thought about completely reversing the block but that means everything after the throw will be inside a block and I don't want to move so many lines.
>
> My wording for the &&: If the tag is not a constructed and context-specific tag number 0, then an exception is thrown. The parens denote that both conditions need to apply:
> 
> !(isCSTag0 && isConst)
> 
> true, true = !(true && true) = !true = false
> true, false = !(true && false) = !false = true
> false, true = !(false && true) = !false = true
> false, false = !(false && false) = !false = true
> 
> 
> !isCSTag0 || !isConst
> 
> true, true = !true || !true = false || false = false
> true, false = !true || !false = false || true = true
> false, true = !false || !true = true || false = true
> false, false = !false || !false = true || true = true

If you really like it, I'll write

        if (derValue1.isContextSpecific((byte) 0) && derValue1.isConstructed()) {
            nameValue = derValue1.data.toByteArray();
        } else {
            throw new IOException("value is not [0]");
        }

Turns out I don't need to move all lines into the block.

>> Up to debate. Other blocks in `makeAltNames` throw `RuntimeException`.
>
> Correct, but they don't swallow at least.

But in this case, we still have a place to provide the raw bytes. Maybe that's better? Or you'd rather be guaranteed that one particular otherName should always have a string there and there's no need to do an `instanceof` check? What if the tag is already wrong and I don't know it should be a string?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167
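
The tag check discussed in this thread, written against raw DER bytes as an added example (not code from the PR or the JDK). The class `Tag0Check`, its method names and the sample inputs are constructed for illustration, and it uses plain byte arithmetic instead of the `derValue1` methods shown above.

```java
import java.io.IOException;
import java.util.Arrays;

public class Tag0Check {
    // Identifier octet layout: bits 8-7 class, bit 6 constructed, bits 5-1 tag number.
    static final int CLASS_MASK = 0xC0, CONTEXT = 0x80, CONSTRUCTED = 0x20, NUMBER_MASK = 0x1F;

    // Returns the content octets of a constructed, context-specific [0] TLV; throws otherwise.
    static byte[] tag0Content(byte[] der) throws IOException {
        if (der.length < 2) throw new IOException("truncated TLV");
        int id = der[0] & 0xFF;
        boolean isCSTag0 = (id & CLASS_MASK) == CONTEXT && (id & NUMBER_MASK) == 0;
        boolean isConst = (id & CONSTRUCTED) != 0;
        // Positive form of the condition; equivalent to throwing on !(isCSTag0 && isConst).
        if (isCSTag0 && isConst) {
            int pos = 1;
            int len = der[pos++] & 0xFF;
            if (len == 0x80) throw new IOException("indefinite length is not DER");
            if (len > 0x80) {                       // long form: low 7 bits = number of length octets
                int n = len & 0x7F;
                if (n > 3 || pos + n > der.length)  // cap at 3 octets so len cannot overflow an int
                    throw new IOException("unsupported or truncated length");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (der[pos++] & 0xFF);
            }
            if (len != der.length - pos) throw new IOException("length does not match content");
            return Arrays.copyOfRange(der, pos, der.length);
        } else {
            throw new IOException("value is not [0]");
        }
    }

    public static void main(String[] args) {
        byte[][] samples = {                        // constructed sample inputs
            {(byte) 0xA0, 0x05, 0x0C, 0x03, 0x61, 0x62, 0x63}, // [0] constructed wrapping UTF8String "abc"
            {(byte) 0x80, 0x03, 0x61, 0x62, 0x63},             // [0] primitive: tag number right, not constructed
            {(byte) 0xA1, 0x05, 0x0C, 0x03, 0x61, 0x62, 0x63}, // [1] constructed: wrong tag number
            {0x30, 0x05, 0x0C, 0x03, 0x61, 0x62, 0x63},        // universal SEQUENCE: wrong class
        };
        for (byte[] s : samples) {
            try {
                System.out.printf("0x%02X accepted, %d content bytes%n", s[0] & 0xFF, tag0Content(s).length);
            } catch (IOException e) {
                System.out.printf("0x%02X rejected: %s%n", s[0] & 0xFF, e.getMessage());
            }
        }
    }
}
```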


