New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8296143: CertAttrSet's set/get mechanism is not type-safe #10959
Conversation
👋 Welcome back weijun! A progress list of the required criteria for merging this PR into |
Webrevs
|
In fact, setter methods in all extensions can be removed since they are only called inside tests. |
src/java.base/share/classes/java/security/cert/X509CertSelector.java
Outdated
Show resolved
Hide resolved
src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
Outdated
Show resolved
Hide resolved
Way easier to read. Amazing work! |
"CertAttrSet: CertificateX509Key."); | ||
} | ||
public PublicKey getKey() { | ||
return(key); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return(key); | |
return key; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I was just copying lines from the old get method. Will fix.
*/ | ||
public interface CertAttrSet<T> { | ||
public interface CertAttrSet { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we rename this to "CertAttr" since I think it now supports a single attribute?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since it only has encode
now, I'll merge it with DerEncoder
and remove it in my next step. Therefore I haven't cared about giving it a better name. I had thought about including the merge inside this change but there are a lot of s/derEncode/encode/
renaming and it's better to be done separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great stuff, just a few minor comments.
@@ -1310,7 +1310,7 @@ public String getIssuerAsString() { | |||
* @throws IOException if an encoding error occurs | |||
*/ | |||
public byte[] getIssuerAsBytes() throws IOException { | |||
return (issuer == null ? null: issuer.getEncoded()); | |||
return issuer == null ? null: issuer.getEncoded(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit, add space between "null" and ":".
@@ -687,7 +683,7 @@ public ObjectIdentifier getOID() { | |||
public String getName() { | |||
String n = oid.toString(); | |||
KnownOIDs os = KnownOIDs.findMatch(n); | |||
return (os == null? n : os.stdName()); | |||
return os == null? n : os.stdName(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: add space between "null" and "?".
@@ -204,7 +204,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test, | |||
/* base is ancestor of test */ | |||
case GeneralNameInterface.NAME_NARROWS: | |||
/* base is descendant of test */ | |||
return (test.subtreeDepth()-base.subtreeDepth()); | |||
return test.subtreeDepth()-base.subtreeDepth(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: add spaces around "-".
info.set(X509CertInfo.SUBJECT, | ||
dname==null?req.getSubjectName():new X500Name(dname)); | ||
info.setKey(new CertificateX509Key(req.getSubjectPublicKeyInfo())); | ||
info.setSubject(dname==null?req.getSubjectName():new X500Name(dname)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add spaces between "?" and ":".
"CertAttrSet:CertificatePoliciesExtension."); | ||
} | ||
public List<PolicyInformation> getCertPolicies() { | ||
//XXXX May want to consider cloning this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would remove this comment. This method is internal and as long as the List is not exposed via a public API (please double-check), a clone is not necessary.
"CertAttrSet:ExtendedKeyUsageExtension."); | ||
} | ||
public Vector<ObjectIdentifier> getUsages() { | ||
//XXXX May want to consider cloning this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove comment if returned Vector cannot be accessed via public APIs.
@wangweij This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 72 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
/integrate |
Going to push as commit 671f84b.
Your commit was automatically rebased without conflicts. |
The major change is to remove the
get
andset
methods in variousCertAttrSet
child classes and change them tosetXyz
andgetXyz
methods. TheXyz
words might come from the field name or the attribute name. For example,X509CertInfo
now hassetExtensions
andsetValidity
instead ofset("extensions", exts)
andset("validity", validity)
. This also has the benefit to remove a lot of try-catch blocks onIOException
s on "unknown attributes" because everything is known now. At the same time, all the identifier name and attribute names are removed fromCertAttrSet
child classes. The only left isNAME
in extensions since it's still used as keys inCertificateExtensions
.Besides assigning a new value to an internal field, the original
set
methods might also re-encode by callingencodeThis
, invalidate the cached encoding (inX509CertInfo
), or check for read-only flag (inX509CertImp
). Newly addedsetXyz
methods are doing the same. This is one place that future new setter methods should remember.Most
get
implementations simply return an internal field. One exception inX509CertImpl
is that when getting something inside theX509CertInfo
, it wraps exceptions into a newCertificateParsingException
. This is actually related to the wayCertificateExtensions::get
is implemented where an exception is thrown when an extension does not exist.CertificateExtensions::getExtension
has been rewritten to follow theCRLExtensions::getExtension
style wherenull
is returned in this case.The only method left in
CertAttrSet
isencode
, and it no longer throws aCertificateException
.Several classes do have their attributes, and still has get/set methods. This includes
CertificateExtensions
,CRLExtensions
,ReasonFlags
,KeyUsageExtension
, andNetscapeCertTypeExtensions
. Some methods are renamed to be clearer. For example, inCertificateExtensions
, we havegetExtension
instead ofget
.There are no more
AttributeNameEnumeration.java
andX509AttributeName.java
.Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/10959/head:pull/10959
$ git checkout pull/10959
Update a local copy of the PR:
$ git checkout pull/10959
$ git pull https://git.openjdk.org/jdk pull/10959/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 10959
View PR using the GUI difftool:
$ git pr show -t 10959
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/10959.diff