RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v4]

Michael Osipov duke at openjdk.java.net
Tue Feb 15 16:15:15 UTC 2022


On Tue, 15 Feb 2022 16:04:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> > > ```
> > > 2. I feel a little uneasy of the new `if` and `otherwise` words inside parentheses, especially the second one which seems out of nowhere. Please suggest better wording if possible.
> > > ```
> > 
> > 
> > What about?
> > ```
> > and a fourth entry as either a string if {@code value} inside
> > is a valid ASN.1 string (any of UTF8String, PrintableString, T61String, IA5String,
> > UniversalString, BMPString, or GeneralString) or otherwise a byte array containing
> > the ASN.1 DER encoding of {@code value} without the context-specific
> > constructed tag with number 0. 
> > ```
> 
> Do not feel easy with the two `or`.

Yes, then you need parens...

> > > ```
> > > 3. The string types I listed is only what we supported inside JDK and not all "restricted character string types". Is it appropriate to list them out in a specification? If not, shall I just say "a valid character string"? This brings more explanation to what "valid" means.
> > > ```
> > 
> > 
> > Yes, this makes it perfectly clear what is supported of out of the box.
> 
> But this also means if the internal implementation deep inside `DerValue::getAsString` is updated then this spec must be updated as well.

True, it creates an unnecessary dependency. Remove explicit mentioning. I don't expect any new ASN.1 string types to be added in the future, but of someone decides to create a public ASN.1 API in the JDK and rewrite all internal code this would be subject to it.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167



More information about the security-dev mailing list