RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v10]
Sean Mullan
mullan at openjdk.org
Thu May 18 12:53:57 UTC 2023
On Thu, 18 May 2023 03:51:55 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> rework based upon code review comments
>
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java line 126:
>
>> 124: }
>> 125:
>> 126: X500Principal[] getAuthorities() throws IllegalArgumentException {
>
> IAE is unchecked exception, and should not be throwing explicitly in method signature/statement. I'm not sure if this throwing is really helpful for caller to check the exception.
Yes, I agree with that comment. I suggest adding a comment above the method to remind callers they may need to catch IAE, something like:
// This method will throw IllegalArgumentException if the X500Principal cannot be parsed.
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java line 147:
>
>> 145: builder.append(principal.toString());
>> 146: } catch (IllegalArgumentException iae) {
>> 147: builder.append("unparseable X500Principal");
>
> I may use the iae message as well for better debugging.
Yes, suggest:
`builder.append("unparseable X500Principal: " + iae.getMessage());`
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java line 289:
>
>> 287: shc.peerSupportedAuthorities = spec.getAuthorities();
>> 288: } catch (IllegalArgumentException iae) {
>> 289: shc.conContext.fatal(Alert.DECODE_ERROR, "X500Principal could not be parsed");
>
> To easy debugging, I may use the exception with fatal(Alert alert, String diagnostic, Throwable cause). Considering this point, I may prefer to throw SSLException in getAuthorities() method.
>
>
> X500Principal[] getAuthorities() throws SSLException {
> ...
> try {
> shc.peerSupportedAuthorities = spec.getAuthorities();
> } catch (SSLException ssle) {
> shc.conContext.fatal(Alert.DECODE_ERROR, "Cannot parse peer supported authorities", ssle);
> }
@XueleiFan Seems like an unnecessary wrapping of IAE when it is going to be rethrown anyway.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13466#discussion_r1197768251
PR Review Comment: https://git.openjdk.org/jdk/pull/13466#discussion_r1197771043
PR Review Comment: https://git.openjdk.org/jdk/pull/13466#discussion_r1197773420
More information about the security-dev
mailing list