Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8265372

Simplify PKCS9Attribute

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 23
    • None
    • security-libs
    • None

      sun.security.pkcs.PKCS9Attribute has several problems:

      1. Multiple arrays like PKCS9_OIDS, PKCS9_VALUE_TAGS, VALUE_CLASSES, SINGLE_VALUED must be carefully maintained so they always have the same length and items at the same index serve the same type (OID) precisely.

      2. There are unsupported attributes in the known list:

      a) You cannot create one with unsupported OID and value because its expected class (in VALUE_CLASSES) is null and NPE will be thrown while checking the value type.

      b) You also cannot create one with unsupported OID and encoding because you cannot get a value from it and IOE is thrown.

      c) There is one special SigningCertificate type that you cannot create from value but can from encoding, but then calling derEncode() on it throws an IOE. This SigningCertificate has no other usage inside JDK and therefore not worth parsing at all.

      We should consolidate all type related info into one place and be clear on what we support and not. When there is support, it should be complete.

            bperez Ben Perez
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: