RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v5]

Weijun Wang weijun at openjdk.java.net
Fri Feb 18 16:31:55 UTC 2022


On Fri, 18 Feb 2022 15:17:30 GMT, Michael Osipov <duke at openjdk.java.net> wrote:

>> I want to minimize behavior change and I'm leaving them to notice there's no string there and fail.
>
> While I understand that, `new DerValue(byte[])` will be ignored and this will also be inconsistent with the remaining general names. Looking at sun.security.x509.GeneralName.GeneralName(DerValue, boolean), they all throw `IOException`.

For other known names, you either return a parsed name or fail. For `otherName`, you already have the raw data and this further parsed name is a bonus. I just don't like a problem in getting the bonus to ruin the original benefit. Also, I think the caller will have to check the length and the type anyway so this will not be an extra burden. Besides, I always feel that `otherName` could be freely extended and the quality of its encoding might not be as guaranteed as the other ones. @seanjmullan, any comment here?

Too many "other"s used, and hopefully no one gets confused.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167
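The caller-side checks discussed in this thread (length and value type of an otherName before trusting the "bonus" string), as an added example that is not part of the PR or of the JDK. It assumes the byte[] in an otherName entry of getSubjectAlternativeNames() is the DER OtherName SEQUENCE { type-id OID, [0] EXPLICIT value }; the class name OtherNameDecoder, the constructed msUPN sample bytes and the decision to accept only UTF8String and IA5String values are this example's own choices, not JDK behaviour.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not JDK code. Decodes the byte[] of an otherName SAN entry, assuming
 * the entry holds the DER OtherName SEQUENCE { type-id OID, [0] EXPLICIT value }.
 * Every length is checked against its enclosing value, and only UTF8String (0x0C) and
 * IA5String (0x16) values are accepted; anything else fails instead of being ignored.
 */
public final class OtherNameDecoder {

    /** Decoded entry: dotted type-id OID plus the string value (Java 16+ record). */
    public record OtherName(String typeId, String value) {}

    // Constructed sample: OtherName { 1.3.6.1.4.1.311.20.2.3 (msUPN), [0] UTF8String "alice@example.com" }
    static final byte[] SAMPLE = hex(
            "3021"                                          // SEQUENCE, 33 content bytes
          + "060a2b060104018237140203"                      // OID 1.3.6.1.4.1.311.20.2.3
          + "a013"                                          // [0] EXPLICIT, 19 content bytes
          + "0c11616c69636540" + "6578616d706c652e636f6d"); // UTF8String "alice@example.com"

    /** Decode every otherName entry (type 0) of a certificate's SAN extension. */
    public static List<OtherName> fromCertificate(X509Certificate cert) throws CertificateParsingException {
        List<OtherName> out = new ArrayList<>();
        var sans = cert.getSubjectAlternativeNames();
        if (sans == null) return out;
        for (List<?> entry : sans) {
            if ((Integer) entry.get(0) == 0) out.add(decode((byte[]) entry.get(1)));
        }
        return out;
    }

    public static OtherName decode(byte[] der) {
        int[] seq = tlv(der, 0, der.length, 0x30);
        if (seq[2] != der.length) throw new IllegalArgumentException("trailing bytes after SEQUENCE");
        int[] oid = tlv(der, seq[1], seq[2], 0x06);
        String typeId = decodeOid(der, oid[1], oid[2]);
        int[] ctx = tlv(der, oid[2], seq[2], 0xA0);
        if (ctx[2] != seq[2]) throw new IllegalArgumentException("unexpected bytes after [0] value");
        int[] str = tlv(der, ctx[1], ctx[2], -1);
        if (str[2] != ctx[2]) throw new IllegalArgumentException("unexpected bytes inside [0] value");
        Charset cs;
        if (str[0] == 0x0C) cs = StandardCharsets.UTF_8;
        else if (str[0] == 0x16) cs = StandardCharsets.US_ASCII;
        else throw new IllegalArgumentException(
                String.format("unsupported otherName value tag 0x%02x for type-id %s", str[0], typeId));
        return new OtherName(typeId, new String(der, str[1], str[2] - str[1], cs));
    }

    /** Reads one TLV header at pos; content must end within limit. Returns {tag, contentStart, contentEnd}. */
    private static int[] tlv(byte[] b, int pos, int limit, int wantTag) {
        if (pos + 2 > limit) throw new IllegalArgumentException("truncated TLV at offset " + pos);
        int tag = b[pos] & 0xFF;
        if (wantTag >= 0 && tag != wantTag)
            throw new IllegalArgumentException(String.format("expected tag 0x%02x at offset %d, got 0x%02x", wantTag, pos, tag));
        int first = b[pos + 1] & 0xFF, len, hdr;
        if (first < 0x80) { len = first; hdr = 2; }
        else if (first == 0x81 && pos + 3 <= limit) { len = b[pos + 2] & 0xFF; hdr = 3; }
        else if (first == 0x82 && pos + 4 <= limit) { len = (b[pos + 2] & 0xFF) << 8 | (b[pos + 3] & 0xFF); hdr = 4; }
        else throw new IllegalArgumentException("unsupported, indefinite or truncated length at offset " + pos);
        int start = pos + hdr;
        if (len > limit - start) throw new IllegalArgumentException("length " + len + " at offset " + pos + " overruns enclosing value");
        return new int[] { tag, start, start + len };
    }

    /** Decodes OID content bytes [start, end) into dotted form; the first two arcs share one subidentifier. */
    private static String decodeOid(byte[] b, int start, int end) {
        if (start >= end) throw new IllegalArgumentException("empty OID");
        StringBuilder sb = new StringBuilder();
        long sub = 0;
        boolean first = true;
        for (int i = start; i < end; i++) {
            int x = b[i] & 0xFF;
            if (sub > (Long.MAX_VALUE >> 7)) throw new IllegalArgumentException("OID subidentifier too large");
            sub = (sub << 7) | (x & 0x7F);
            if ((x & 0x80) == 0) {
                if (first) { long a = sub < 80 ? sub / 40 : 2; sb.append(a).append('.').append(sub - a * 40); first = false; }
                else sb.append('.').append(sub);
                sub = 0;
            } else if (i == end - 1) throw new IllegalArgumentException("unterminated OID subidentifier");
        }
        return sb.toString();
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        System.out.println(decode(SAMPLE));
        // Same entry with the value re-tagged as OCTET STRING (0x04): the caller gets an
        // exception rather than a silently missing string.
        byte[] octet = SAMPLE.clone();
        octet[16] = 0x04;
        try { decode(octet); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The decoder deliberately fails on any value type it does not know how to turn into a string, which is the stricter of the two positions in the thread; a caller who prefers Weijun's approach of keeping the raw bytes and tolerating an unparsable value can catch the exception around decode() and fall back to entry.get(1).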
