RFR: 8265372: Simplify PKCS9Attribute [v7]
Weijun Wang
weijun at openjdk.org
Wed Jan 31 18:21:06 UTC 2024
On Wed, 31 Jan 2024 18:18:30 GMT, Ben Perez <duke at openjdk.org> wrote:
>> Refactored PKCS9Attribute to use a hash map instead of multiple arrays. The key for the hash map is an `ObjectIdentifier` and the values are a record `AttributeInfo` that stores the information previously contained in the arrays `PKCS9_VALUE_TAGS`, `VALUE_CLASSES`, and `SINGLE_VALUED`.
>>
>> It seems as though we should be able to get rid of constants such as `EMAIL_ADDRESS_OID` since they aren't heavily used with the hash map approach, but since the values are public it might cause compatibility issues.
>>
>> Another question is how to handle `RSA DSI`, `S/MIME`, `Extended-certificate`, and `Issuer Serial Number` OIDs. The prior version threw an error but in this refactor they are treated as an "unknown OID" and only throw a debug warning. This was addressed in https://bugs.openjdk.org/browse/JDK-8011867 but prior to this refactor the aforementioned OIDs were treated differently than unknown OIDs.
>
> Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
>
> Added EncodeDecode.java test
test/jdk/sun/security/pkcs/pkcs9/EncodeDecode.java line 102:
> 100: test(CMS_ALGORITHM_PROTECTION_OID, onev,
> 101: "301b06092a864886f70d010934310e300c040a00000000000000000000");
> 102:
Better add a comment here that the next line is about an "unsupported" type.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17132#discussion_r1473273639
More information about the security-dev
mailing list