RFR: 8296736: Some PKCS9Attribute can be created but cannot be encoded [v2]

Weijun Wang weijun at openjdk.org
Thu Nov 10 02:43:21 UTC 2022


> One `PKCS9Attribute` can be created but cannot be encoded. Since the `SigningCertificateInfo::parse` method has not fully parsed the data (`PolicyInformation` is left out), this code change add the encoding itself as a field to the `SigningCertificateInfo` class so we can encode it.
> 
> After this change, unsupported `PKCSAttribute` object simply cannot be created. The `new(DerValue)` constructor rejects them (type 9-13, 15) in a `switch` block, and the `new(ObjectIdentifier, Object)` constructor rejects them because `VALUE_CLASSES` for them are null.
> 
> In the `encode()` method, we now throw `IllegalArgumentException` for these types and they will not happen.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  make class package private

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11070/files
  - new: https://git.openjdk.org/jdk/pull/11070/files/b80a7805..8765c136

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11070&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11070&range=00-01

  Stats: 42 lines in 1 file changed: 6 ins; 4 del; 32 mod
  Patch: https://git.openjdk.org/jdk/pull/11070.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11070/head:pull/11070

PR: https://git.openjdk.org/jdk/pull/11070



More information about the security-dev mailing list