RFR: 8297065: DerOutputStream operations should not throw IOExceptions [v2]

Valerie Peng valeriep at openjdk.org
Sun Nov 27 08:09:18 UTC 2022 

On Wed, 23 Nov 2022 19:48:48 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This is mostly cleanup. Everything around `DerOutputStream` no longer throws an `IOException`. This includes:
>> 
>> - Remove unnecessary `throws IOException` in code and spec
>> - Remove `catch (IOException ioe)` blocks. If new exception is thrown, remove further `throws` in code and spec
>> - More classes implementing `DerEncoder` if they have a `encode(DerOutputStream)` method
>> - Modify `write(bytes)` to `writeBytes(bytes)` to avoid IOE
>> - Some unused methods removed
>> - `DerOutputStream` is final
>> 
>> The only actual changes (still trivial) are:
>> - Since `PKCS7::encodeSignedData(OutputStream out)` is removed, its usages in `PKCS7::constructToken` and `TsaSigner::createResponse` (in test) are modified to use another method with a `DerOutputStream` argument.
>> - In PKCS8Key, since `getEncodedInternal` never returns non-null, remove null check on result
>> - Since `DerOutputStream` is final, no need to clone bytes in `encode` of `X509CertImpl` and `X509CRLImpl`.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   one more

src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 467:

> 465:      */
> 466:     public static X509CertImpl newSigned(X509CertInfo info, PrivateKey key, String algorithm, String provider)
> 467:             throws CertificateException, NoSuchAlgorithmException,

The javadoc above states that CertificateException is thrown on encoding errors. Will there still be encoding errors? The updated code seems not.

src/java.base/share/classes/sun/security/x509/X509CertInfo.java line 148:

> 146:      * @param out an output stream to which the certificate is appended.
> 147:      * @exception CertificateException on encoding errors.
> 148:      * @exception IOException on other errors.

should remove this line?

-------------

PR: https://git.openjdk.org/jdk/pull/11302

More information about the security-dev mailing list