On Tue, 15 Feb 2022 16:09:13 GMT, Michael Osipov <d...@openjdk.java.net> wrote:

>> But in this case, we still have a place to provide the raw bytes. Maybe
>> that's better? Or you'd rather be guaranteed that one particular otherName
>> should always have a string there and there's no need to do an `instanceof`
>> check? What if the tag is already wrong and I don't know it should be a
>> string?
>
> I have thought about this actually. Now the parse is free of any semantics,
> which is naive. Actually, you need a list of well-known OIDs to know the
> target tag type to perform the conversion. E.g., you know that MS UPN must be
> UTF8String, if not this is an error. If you don't know the OID, don't touch
> it.
> OpenSSL knows the semantics and decodes it, otherwise don't touch it and
> leave it:
> https://github.com/openssl/openssl/blob/317acac5cc0a2cb31bc4b91353c2b752a3989d8a/crypto/x509/v3_san.c#L113-L120

Maybe adopt the list of OpenSSL, otherwise return byte array?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7167
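
The decoding policy discussed in this message, sketched as an added example (not code from the PR, the JDK or OpenSSL): a known OID must carry its expected string tag or the value is rejected, and an unknown OID is returned as untouched bytes. The class name, the two-entry OID table and the sample values are assumptions made for illustration; values longer than 255 bytes are rejected to keep the length handling short.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;

public class OtherNameValue {
    static final int UTF8_STRING = 0x0C, IA5_STRING = 0x16;
    // Illustrative table (not OpenSSL's list): OID -> DER tag the value must carry.
    static final Map<String, Integer> KNOWN = Map.of(
        "1.3.6.1.4.1.311.20.2.3", UTF8_STRING,   // MS UPN
        "1.3.6.1.5.5.7.8.7", IA5_STRING);        // SRVName, RFC 4985

    /** der = DER of the value inside otherName's [0] EXPLICIT wrapper.
     *  Known OID: String or exception. Unknown OID: a copy of the bytes. */
    static Object decode(String oid, byte[] der) {
        Integer tag = KNOWN.get(oid);
        if (tag == null) return der.clone();     // unknown semantics: don't touch it
        if (der.length < 2 || (der[0] & 0xFF) != tag)
            throw new IllegalArgumentException("unexpected tag for " + oid);
        int len = der[1] & 0xFF, off = 2;
        if (len == 0x81 && der.length > 2 && (der[2] & 0xFF) >= 0x80) {
            len = der[2] & 0xFF;                 // one-byte long form, minimal per DER
            off = 3;
        } else if (len >= 0x80) {
            throw new IllegalArgumentException("unsupported or non-DER length");
        }
        if (off + len != der.length)
            throw new IllegalArgumentException("length does not match value");
        // Strict decoders: malformed UTF-8 or 8-bit bytes in an IA5String are errors.
        Charset cs = tag == IA5_STRING ? StandardCharsets.US_ASCII : StandardCharsets.UTF_8;
        try {
            byte[] content = Arrays.copyOfRange(der, off, der.length);
            return cs.newDecoder().decode(ByteBuffer.wrap(content)).toString();
        } catch (CharacterCodingException e) {
            throw new IllegalArgumentException("invalid string content for " + oid, e);
        }
    }

    public static void main(String[] args) {
        byte[] name = "user@example.test".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] utf8 = new byte[name.length + 2];
        utf8[0] = UTF8_STRING; utf8[1] = (byte) name.length;
        System.arraycopy(name, 0, utf8, 2, name.length);
        byte[] ia5 = utf8.clone(); ia5[0] = IA5_STRING;   // same bytes, wrong tag for a UPN
        System.out.println(decode("1.3.6.1.4.1.311.20.2.3", utf8));      // known OID, right tag
        System.out.println(decode("1.2.3.4", utf8) instanceof byte[]);   // constructed unknown OID
        try { decode("1.3.6.1.4.1.311.20.2.3", ia5); }                   // known OID, wrong tag
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```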