-
Bug
-
Resolution: Fixed
-
P4
-
None
-
None
-
b11
sun.security.pkcs.PKCS9Attribute has several problems:
1. Multiple arrays like PKCS9_OIDS, PKCS9_VALUE_TAGS, VALUE_CLASSES, SINGLE_VALUED must be carefully maintained so they always have the same length and items at the same index serve the same type (OID) precisely.
2. There are unsupported attributes in the known list:
a) You cannot create one with unsupported OID and value because its expected class (in VALUE_CLASSES) is null and NPE will be thrown while checking the value type.
b) You also cannot create one with unsupported OID and encoding because you cannot get a value from it and IOE is thrown.
c) There is one special SigningCertificate type that you cannot create from value but can from encoding, but then calling derEncode() on it throws an IOE. This SigningCertificate has no other usage inside JDK and therefore not worth parsing at all.
We should consolidate all type related info into one place and be clear on what we support and not. When there is support, it should be complete.
1. Multiple arrays like PKCS9_OIDS, PKCS9_VALUE_TAGS, VALUE_CLASSES, SINGLE_VALUED must be carefully maintained so they always have the same length and items at the same index serve the same type (OID) precisely.
2. There are unsupported attributes in the known list:
a) You cannot create one with unsupported OID and value because its expected class (in VALUE_CLASSES) is null and NPE will be thrown while checking the value type.
b) You also cannot create one with unsupported OID and encoding because you cannot get a value from it and IOE is thrown.
c) There is one special SigningCertificate type that you cannot create from value but can from encoding, but then calling derEncode() on it throws an IOE. This SigningCertificate has no other usage inside JDK and therefore not worth parsing at all.
We should consolidate all type related info into one place and be clear on what we support and not. When there is support, it should be complete.