8296143: CertAttrSet's set/get mechanism is not type-safe

[wangweij]

The major change is to remove the get and set methods in various CertAttrSet child classes and change them to setXyz and getXyz methods. The Xyz words might come from the field name or the attribute name. For example, X509CertInfo now has setExtensions and setValidity instead of set("extensions", exts) and set("validity", validity). This also has the benefit to remove a lot of try-catch blocks on IOExceptions on "unknown attributes" because everything is known now. At the same time, all the identifier name and attribute names are removed from CertAttrSet child classes. The only left is NAME in extensions since it's still used as keys in CertificateExtensions.

Besides assigning a new value to an internal field, the original set methods might also re-encode by calling encodeThis, invalidate the cached encoding (in X509CertInfo), or check for read-only flag (in X509CertImp). Newly added setXyz methods are doing the same. This is one place that future new setter methods should remember.

Most get implementations simply return an internal field. One exception in X509CertImpl is that when getting something inside the X509CertInfo, it wraps exceptions into a new CertificateParsingException. This is actually related to the way CertificateExtensions::get is implemented where an exception is thrown when an extension does not exist. CertificateExtensions::getExtension has been rewritten to follow the CRLExtensions::getExtension style where null is returned in this case.

The only method left in CertAttrSet is encode, and it no longer throws a CertificateException.

Several classes do have their attributes, and still has get/set methods. This includes CertificateExtensions, CRLExtensions, ReasonFlags, KeyUsageExtension, and NetscapeCertTypeExtensions. Some methods are renamed to be clearer. For example, in CertificateExtensions, we have getExtension instead of get.

There are no more AttributeNameEnumeration.java and X509AttributeName.java.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8296143: CertAttrSet's set/get mechanism is not type-safe

Reviewers

• Sean Mullan (@seanjmullan - Reviewer) ⚠️ Review applies to a62ef66d

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/10959/head:pull/10959
$ git checkout pull/10959

Update a local copy of the PR:
$ git checkout pull/10959
$ git pull https://git.openjdk.org/jdk pull/10959/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 10959

View PR using the GUI difftool:
$ git pr show -t 10959

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/10959.diff

[bridgekeeper]

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@wangweij The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 06: Full - Incremental (c6ea9004)
• 05: Full - Incremental (a62ef66d)
• 04: Full - Incremental (b4453f66)
• 03: Full - Incremental (f4b3d09a)
• 02: Full - Incremental (26a1f5c7)
• 01: Full - Incremental (de2ac663)
• 00: Full (8dc7ba34)

[wangweij]

In fact, setter methods in all extensions can be removed since they are only called inside tests.

[mcpowers]

Way easier to read. Amazing work!

[turbanoff]

Suggested change

	return(key);
	return key;

[wangweij]

Thanks. I was just copying lines from the old get method. Will fix.

[seanjmullan]

Should we rename this to "CertAttr" since I think it now supports a single attribute?

[wangweij]

Since it only has encode now, I'll merge it with DerEncoder and remove it in my next step. Therefore I haven't cared about giving it a better name. I had thought about including the merge inside this change but there are a lot of s/derEncode/encode/ renaming and it's better to be done separately.

[seanjmullan]

Great stuff, just a few minor comments.

[seanjmullan]

Nit, add space between "null" and ":".

[seanjmullan]

Nit: add space between "null" and "?".

[seanjmullan]

Nit: add spaces around "-".

[seanjmullan]

Add spaces between "?" and ":".

[seanjmullan]

I would remove this comment. This method is internal and as long as the List is not exposed via a public API (please double-check), a clone is not necessary.

[seanjmullan]

Remove comment if returned Vector cannot be accessed via public APIs.

[openjdk]

@wangweij This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8296143: CertAttrSet's set/get mechanism is not type-safe

Reviewed-by: mullan

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 72 new commits pushed to the master branch:

• 0ee25de: 8296504: Memory leak in G1PLABAllocator::PLABData
• dd5d4df: 8295658: G1: Refactor G1SegmentedArray to indicate that it is an allocator
• cf65605: 8296445: C++ syntax error in jdwpTransport.h
• 1169dc0: 8296447: RISC-V: Make the operands order of vrsub_vx/vrsub_vi consistent with RVV 1.0 spec
• 4c80dff: 8296435: RISC-V: Small refactoring for increment/decrement
• 47d2c7b: 8295376: Improve debug agent virtual thread performance when no debugger is attached
• 76790ad: 8295673: Deprecate and disable legacy parallel class loading workaround for non-parallel-capable class loaders
• b6738c1: 8295663: Rephrase introduction to testing.md
• 7e85b41: 8296154: [macos] Change "/Applications" to "Applications" in DMG image
• 60db5f2: 8294020: improve errors for record declarations
• ... and 62 more: https://git.openjdk.org/jdk/compare/16a041a67a30ad8f3160e211c629c055d3ff2f80...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[wangweij]

/integrate

[openjdk]

Going to push as commit 671f84b.
Since your change was applied there have been 74 commits pushed to the master branch:

• d04d656: 8296433: Encountered null CLD while loading shared lambda proxy class
• 74f2b16: 8295303: cleanup debug agent's confusing use of EI_GC_FINISH
• 0ee25de: 8296504: Memory leak in G1PLABAllocator::PLABData
• dd5d4df: 8295658: G1: Refactor G1SegmentedArray to indicate that it is an allocator
• cf65605: 8296445: C++ syntax error in jdwpTransport.h
• 1169dc0: 8296447: RISC-V: Make the operands order of vrsub_vx/vrsub_vi consistent with RVV 1.0 spec
• 4c80dff: 8296435: RISC-V: Small refactoring for increment/decrement
• 47d2c7b: 8295376: Improve debug agent virtual thread performance when no debugger is attached
• 76790ad: 8295673: Deprecate and disable legacy parallel class loading workaround for non-parallel-capable class loaders
• b6738c1: 8295663: Rephrase introduction to testing.md
• ... and 64 more: https://git.openjdk.org/jdk/compare/16a041a67a30ad8f3160e211c629c055d3ff2f80...master

Your commit was automatically rebased without conflicts.

[openjdk]

@wangweij Pushed as commit 671f84b.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.