RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v5]
Michael StJohns
mstjohns at comcast.net
Fri Feb 18 19:19:58 UTC 2022
OtherName.java @93,97
PR:https://git.openjdk.java.net/jdk/pull/7167
> if (derValue1.isContextSpecific((byte) 0) &&
> derValue1.isConstructed()) {
> nameValue = derValue1.data.toByteArray();
> } else {
> throw new IOException("value is not [0]");
> }
That exception string isn't correct (the value is usually not just the
tag), nor very descriptive. How about instead:
    throw new IOException ("value is not EXPLICITly tagged [0]");
Also, the derValue1.data should be parseable into a DerValue itself.
Should that be checked here as well and an error thrown if invalid?
I.e., add this after nameValue = ...
    try {
        new DerValue (nameValue);
    } catch (IOException ex) {
        throw new IOException ("Body of OtherName is not a valid BER or DER value", ex);
    }
Thanks - Mike
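
Added illustration, not part of the original message or of the JDK code: the two checks discussed above (the value must be a constructed, context-specific [0], and its body must itself parse as one value) written as a stand-alone Python reader. The function names and the sample bytes (constructed, using OID 1.2.3.4) are assumptions of this example, and it accepts definite-length DER only, which is stricter than the "BER or DER" wording in the message.

```python
def read_tlv(buf, pos=0):
    """Read one definite-length DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_other_name(content):
    """content: bytes inside the otherName SEQUENCE (type-id, then [0] value)."""
    tag, oid, pos = read_tlv(content)
    if tag != 0x06:
        raise ValueError("type-id is not an OBJECT IDENTIFIER")
    tag, name_value, pos = read_tlv(content, pos)
    if tag != 0xA0:  # context-specific | constructed | tag number 0
        raise ValueError("value is not EXPLICITly tagged [0]")
    if pos != len(content):
        raise ValueError("trailing bytes after [0] value")
    # Second check from the message: the [0] body must itself be one well-formed TLV.
    try:
        _, _, end = read_tlv(name_value)
    except ValueError as ex:
        raise ValueError("Body of OtherName is not a valid DER value") from ex
    if end != len(name_value):
        raise ValueError("Body of OtherName has trailing bytes")
    return oid, name_value

# Constructed samples: OID 1.2.3.4, then a [0] wrapping UTF8String "a@b".
GOOD = bytes.fromhex("06032a0304" "a005" "0c03614062")
BAD_TAG = bytes.fromhex("06032a0304" "8005" "0c03614062")   # primitive [0], not constructed
BAD_BODY = bytes.fromhex("06032a0304" "a005" "0c09614062")  # inner length overruns the body
```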