RFR: 8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream [v3]

Weijun Wang weijun at openjdk.org
Fri Oct 28 22:04:39 UTC 2022


> The argument of the `CertAttrSet::encode` and `DerEncoder::derEncode` interface methods are modified from `OutputStream` to `DerOutputStream`. All implementations are modified the same way.
> 
> `OutputStream` is still used by `sun.security.x509.Extension::encode(OutputStream os)` because it's inherited from `java.security.cert.Extension`. The method is now marked final to avoid accidental override.
> 
> In `CertificateExtensions` and `CRLExtensions`, only `Extension::encode(DerOutputStream out)` is called. It used to call `CertAttrSet::encode` for a known extension and `Extension::encode(DerOutputStream out)` for an unknown one. This makes sure the overridden `encode` methods in known extensions are always called. Now that they have the same argument, there is no need for this check.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  same for DerEncoder::derEncode
  
  only in patch2:
  unchanged:

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/10906/files
  - new: https://git.openjdk.org/jdk/pull/10906/files/05f129b2..da7221f2

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=10906&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=10906&range=01-02

  Stats: 50 lines in 13 files changed: 1 ins; 23 del; 26 mod
  Patch: https://git.openjdk.org/jdk/pull/10906.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/10906/head:pull/10906

PR: https://git.openjdk.org/jdk/pull/10906


More information about the security-dev mailing list