RFR: 8265372: Simplify PKCS9Attribute [v2]
Sean Mullan
mullan at openjdk.org
Thu Jan 4 20:55:27 UTC 2024
On Wed, 3 Jan 2024 20:39:57 GMT, Ben Perez <duke at openjdk.org> wrote:
>> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The key for the hash map is an `ObjectIdentifier` and the values are a record `AttributeInfo` that stores the information previously contained in the arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`.
>>
>> It seems as though we should be able to get rid of constants such as `EMAIL_ADDRESS_OID` since they aren't heavily used with the hash map approach, but since the values are public it might cause compatibility issues.
>>
>> Another question is how to handle `RSA DSI`, `S/MIME`, `Extended-certificate`, and `Issuer Serial Number` OIDs. The prior version threw an error but in this refactor they are treated as an "unknown OID" and only throw a debug warning. This was addressed in https://bugs.openjdk.org/browse/JDK-8011867 but prior to this refactor the aforementioned OIDs were treated differently than unknown OIDs.
>
> Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
>
> Minor fixes to make the code more readable, inlined init(), removed PKCS9Attributes.getAttributes()
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 214:
> 212: private record AttributeInfo(byte[] valueTags, Class<?> valueClass, boolean singleValued) {}
> 213:
> 214: private static final Map<ObjectIdentifier,AttributeInfo> oidMap = new HashMap<>();
Nit: add a space after ','.
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 218:
> 216: private static void add(ObjectIdentifier oid, boolean singleValued,
> 217: Class<?> valueClass, byte... valueTags) {
> 218: AttributeInfo info = new AttributeInfo(valueTags,valueClass,singleValued);
Nit: add a space after ','.
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 220:
> 218: AttributeInfo info = new AttributeInfo(valueTags,valueClass,singleValued);
> 219: if (oidMap.put(oid, info) != null) {
> 220: throw new RuntimeException("Duplication oid: " + oid);
s/Duplication/Duplicate/
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 253:
> 251:
> 252: add(CHALLENGE_PASSWORD_OID, true,
> 253: Class.forName("java.lang.String"),
`String.class`
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 258:
> 256: DerValue.tag_BMPString,
> 257: DerValue.tag_UniversalString,
> 258: DerValue.tag_UTF8String);
Nit, too much indentation, line up with previous param.
src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 281:
> 279: DerValue.tag_Sequence);
> 280:
> 281: } catch (ClassNotFoundException e) {
Probably can remove this try/catch block if you make above changes to not call `Class.forName`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442236016
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442236248
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442237626
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442242028
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442241373
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442242646
More information about the security-dev
mailing list