On Tue, 15 Feb 2022 09:10:22 GMT, Michael Osipov <d...@openjdk.java.net> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> specifies the type of the 4th element
>
> src/java.base/share/classes/sun/security/x509/OtherName.java line 93:
>
>> 91: oid = in.getOID();
>> 92: DerValue derValue1 = in.getDerValue();
>> 93: if (!derValue1.isContextSpecific((byte)0)) {
>
> Where do you check for constructed (0x20)?
> E.g.:
>
> byte tag = buf.get();
> if (!(((tag >> CONTEXT_SPECIFIC_BIT) & 1) != 0 && ((tag >> CONSTRUCTED_BIT) &
> 1) != 0))
> throw new CertificateParsingException("Value must be explicitly
> encoded");
>
> int tagNumber = tag & 0xFF;
> tagNumber &= ~(1 << CONTEXT_SPECIFIC_BIT);
> tagNumber &= ~(1 << CONSTRUCTED_BIT);
>
> if (tagNumber != 0)
> throw new CertificateParsingException("Value tag number must be 0, but
> is " + tagNumber);
Oops, I should add an `isConstructed()` check.
> test/jdk/sun/security/x509/OtherName/Parse.java line 86:
>
>> 84: int found = 0;
>> 85: for (var san : x.getSubjectAlternativeNames()) {
>> 86: if (san.get(2).equals("1.2.3.5")
>
> Would it make sense to explicitly test length for at least 4?
Sure.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
