RFR: 8265372: Simplify PKCS9Attribute [v2]

Sean Mullan mullan at openjdk.org
Thu Jan 4 21:17:26 UTC 2024 

On Wed, 3 Jan 2024 20:39:57 GMT, Ben Perez <duke at openjdk.org> wrote:

>> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The key for the hash map is an `ObjectIdentifier` and the values are a record `AttributeInfo` that stores the information previously contained in the arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`. 
>> 
>> It seems as though we should be able to get rid of constants such as `EMAIL_ADDRESS_OID` since they aren't heavily used with the hash map approach, but since the values are public it might cause compatibility issues.
>> 
>> Another question is how to handle `RSA DSI`, `S/MIME`, `Extended-certificate`, and `Issuer Serial Number` OIDs. The prior version threw an error but in this refactor they are treated as an "unknown OID" and only throw a debug warning. This was addressed in https://bugs.openjdk.org/browse/JDK-8011867 but prior to this refactor the aforementioned OIDs were treated differently than unknown OIDs.
>
> Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Minor fixes to make the code more readable, inlined init(), removed PKCS9Attributes.getAttributes()

There are some existing regression tests in the `test/jdk/sun/security/pkcs/pkcs9` directory. I would look through those to see if it would be useful to add more test cases to make sure the code is being adequately tested.

src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 321:

> 319: 
> 320:         this.oid = oid;
> 321:         info = oidMap.get(oid);

Nit: Change to `this.info` to be consistent with other fields.

src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 321:

> 319: 
> 320:         this.oid = oid;
> 321:         info = oidMap.get(oid);

What if `info` is `null` (there is no entry for the specified OID)? The prior code set the value class to `byte[]` in that case. I think we want to preserve that behavior.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17132#issuecomment-1877768541
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442246539
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1442250877

More information about the security-dev mailing list