RFR: 8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream [v4]
Sean Mullan
mullan at openjdk.org
Mon Oct 31 19:40:48 UTC 2022
On Mon, 31 Oct 2022 19:06:39 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> The argument of the `CertAttrSet::encode` and `DerEncoder::derEncode` interface methods are modified from `OutputStream` to `DerOutputStream`. All implementations are modified the same way.
>>
>> `OutputStream` is still used by `sun.security.x509.Extension::encode(OutputStream os)` because it's inherited from `java.security.cert.Extension`. The method is now marked final to avoid accidental override.
>>
>> In `CertificateExtensions` and `CRLExtensions`, only `Extension::encode(DerOutputStream out)` is called. It used to call `CertAttrSet::encode` for a known extension and `Extension::encode(DerOutputStream out)` for an unknown one. This makes sure the overridden `encode` methods in known extensions are always called. Now that they have the same argument, there is no need for this check.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> param and override
src/java.base/share/classes/sun/security/x509/Extension.java line 143:
> 141: }
> 142:
> 143: public final void encode(OutputStream out) throws IOException {
Can you also add `@Override` here?
test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java line 60:
> 58: throw new Exception();
> 59: }
> 60: DerOutputStream bout = new DerOutputStream();
Nit: change variable name to `dout`. Also on line 78.
test/jdk/sun/security/tools/keytool/ExtOptionCamelCase.java line 206:
> 204: // extensions (not of a subtype) and we need to store and reload
> 205: // it to resolve them to subtypes.
> 206: DerOutputStream bout = new DerOutputStream();
Nit: change variable name to dout.
-------------
PR: https://git.openjdk.org/jdk/pull/10906
More information about the security-dev
mailing list