Hi Svetlana,
DerValue class may be implicitly used in different areas (x509, SSL/TLS,
keystores, maybe krb5, etc). Please make sure that tests from
jdk_security pass.
I'll leave the main review to someone who is more knowledgeable in this
area, here are a couple of comments:
- Please update copyright year
- You may want to replace new byte[] + System.arraycopy() by
Arrays.copyOfRange()
- It may be better to add a separate test case in ReadP12Test.java for
SequenceInputStream instead of loading a keystore twice in each call to
readTest(). One test with SequenceInputStream seems to be enough, and it
would make the logic of readTest() clearer.
Artem
On 08/26/2016 10:58 AM, Svetlana Nikandrova wrote:
Hello,
please review this fix. It's not possible to read PKCS12 keystore with
big undefined length DER value in it from SequenceInputStream. Root
cause of the problem is that sun.security.util.DerValue relays on
InputStream.available() to get a complete 'indefinite.length' section
length and then read it, but for SequenceInputStream this method
returns number of available bytes only for current input stream, not
the whole sequence. Fixed to read all available data.
JBS:
https://bugs.openjdk.java.net/browse/JDK-8157404
Webrev:
http://cr.openjdk.java.net/~snikandrova/8157404/webrev.00/
<http://cr.openjdk.java.net/%7Esnikandrova/8157404/webrev.00/>
Thanks,
Svetlana
