RFR: 8296736: Some PKCS9Attribute can be created but cannot be encoded
Weijun Wang
weijun at openjdk.org
Wed Nov 9 22:02:54 UTC 2022
One `PKCS9Attribute` can be created but cannot be encoded. Since the `SigningCertificateInfo::parse` method has not fully parsed the data (`PolicyInformation` is left out), this code change add the encoding itself as a field to the `SigningCertificateInfo` class so we can encode it.
After this change, unsupported `PKCSAttribute` object simply cannot be created. The `new(DerValue)` constructor rejects them (type 9-13, 15) in a `switch` block, and the `new(ObjectIdentifier, Object)` constructor rejects them because `VALUE_CLASSES` for them are null.
In the `encode()` method, we now throw `IllegalArgumentException` for these types and they will not happen.
-------------
Commit messages:
- avoid NPE
- the fix
Changes: https://git.openjdk.org/jdk/pull/11070/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11070&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8296736
Stats: 31 lines in 3 files changed: 18 ins; 0 del; 13 mod
Patch: https://git.openjdk.org/jdk/pull/11070.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/11070/head:pull/11070
PR: https://git.openjdk.org/jdk/pull/11070
More information about the security-dev
mailing list