RFR: 8296736: Some PKCS9Attribute can be created but cannot be encoded [v2]
Valerie Peng
valeriep at openjdk.org
Mon Nov 14 21:19:09 UTC 2022
On Thu, 10 Nov 2022 02:43:21 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> One `PKCS9Attribute` can be created but cannot be encoded. Since the `SigningCertificateInfo::parse` method has not fully parsed the data (`PolicyInformation` is left out), this code change add the encoding itself as a field to the `SigningCertificateInfo` class so we can encode it.
>>
>> After this change, unsupported `PKCSAttribute` object simply cannot be created. The `new(DerValue)` constructor rejects them (type 9-13, 15) in a `switch` block, and the `new(ObjectIdentifier, Object)` constructor rejects them because `VALUE_CLASSES` for them are null.
>>
>> In the `encode()` method, we now throw `IllegalArgumentException` for these types and they will not happen.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> make class package private
test/jdk/sun/security/pkcs/pkcs9/PKCS9AttrTypeTests.java line 176:
> 174: // Encoding is supported
> 175: DerOutputStream dos = new DerOutputStream();
> 176: p9Attr.encode(dos);
Should we check the encoding has the expected value? Otherwise, it looks like we only require that no exception is thrown?
-------------
PR: https://git.openjdk.org/jdk/pull/11070
More information about the security-dev
mailing list