RFR: 8265372: Simplify PKCS9Attribute
Weijun Wang
weijun at openjdk.org
Thu Dec 21 17:42:46 UTC 2023
On Fri, 15 Dec 2023 20:34:21 GMT, Ben Perez <duke at openjdk.org> wrote:
> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The key for the hash map is an `ObjectIdentifier` and the values are a record `AttributeInfo` that stores the information previously contained in the arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`.
>
> It seems as though we should be able to get rid of constants such as `EMAIL_ADDRESS_OID` since they aren't heavily used with the hash map approach, but since the values are public it might cause compatibility issues.
>
> Another question is how to handle `RSA DSI`, `S/MIME`, `Extended-certificate`, and `Issuer Serial Number` OIDs. The prior version threw an error but in this refactor they are treated as an "unknown OID" and only throw a debug warning. This was addressed in https://bugs.openjdk.org/browse/JDK-8011867 but prior to this refactor the aforementioned OIDs were treated differently than unknown OIDs.

The map is definitely simpler to read than the original arrays. I wonder if we can further enhance the two big `switch` statements. Ideally, the info for object type and encoding is already described in `AttributeInfo`, and all the conversions between object and encoding should be deducible from it. Or, if the info is still not enough, maybe we can add two lambdas to each `AttributeInfo`, which are for decoding and encoding, respectively.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/17132#issuecomment-1866698656
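
The design suggested in the reply above, sketched as an added example (not code from the PR or from the JDK): each map entry carries its own decode and encode lambdas, so no `switch` over attribute types is needed. The String OID keys, the `stringAttr` helper, the single value tag per attribute, the short-form DER string codec and the raw-bytes handling of unknown OIDs are assumptions standing in for the JDK-internal `ObjectIdentifier` and `DerValue` machinery.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.function.Function;

// Hypothetical sketch: String OIDs, one tag per attribute, short-form DER lengths only.
public class AttrTableDemo {
    static final byte TAG_PRINTABLE = 0x13, TAG_IA5 = 0x16;
    // One row per attribute: the former array metadata plus the two codecs.
    record AttributeInfo(byte valueTag, Class<?> valueClass, boolean singleValued,
                         Function<byte[], Object> decoder, Function<Object, byte[]> encoder) {}

    // Encode an ASCII string as tag | length | content (content under 128 bytes).
    static byte[] encodeString(byte tag, String s) {
        byte[] content = s.getBytes(StandardCharsets.US_ASCII);
        if (content.length > 127) throw new IllegalArgumentException("long-form length not handled");
        byte[] out = new byte[content.length + 2];
        out[0] = tag; out[1] = (byte) content.length;
        System.arraycopy(content, 0, out, 2, content.length);
        return out;
    }

    // Decode, rejecting a wrong tag or a length that disagrees with the buffer.
    static String decodeString(byte tag, byte[] der) {
        if (der.length < 2 || der[0] != tag || der[1] < 0 || der[1] != der.length - 2)
            throw new IllegalArgumentException("unexpected tag or length");
        return new String(der, 2, der.length - 2, StandardCharsets.US_ASCII);
    }

    // Build a row for a string-valued attribute; the lambdas close over its tag.
    static AttributeInfo stringAttr(byte tag, boolean single) {
        return new AttributeInfo(tag, String.class, single,
                der -> decodeString(tag, der), v -> encodeString(tag, (String) v));
    }

    static final Map<String, AttributeInfo> INFO = Map.of(
            "1.2.840.113549.1.9.1", stringAttr(TAG_IA5, false),       // emailAddress
            "1.2.840.113549.1.9.7", stringAttr(TAG_PRINTABLE, true)); // challengePassword

    // Known OIDs go through their row's decoder; unknown OIDs keep the raw bytes (assumption).
    static Object decode(String oid, byte[] der) {
        AttributeInfo info = INFO.get(oid);
        return info == null ? der.clone() : info.decoder().apply(der);
    }

    public static void main(String[] args) {
        byte[] der = INFO.get("1.2.840.113549.1.9.1").encoder().apply("alice@example.com");
        System.out.println(decode("1.2.840.113549.1.9.1", der));      // decoded via the table row
        System.out.println(((byte[]) decode("1.2.3.4", der)).length); // unknown OID: bytes kept as-is
    }
}
```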