On Thu, 10 Nov 2022 01:56:29 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:

>> One `PKCS9Attribute` can be created but cannot be encoded. Since the 
>> `SigningCertificateInfo::parse` method has not fully parsed the data 
>> (`PolicyInformation` is left out), this code change adds the encoding itself 
>> as a field to the `SigningCertificateInfo` class so we can encode it.
>> 
>> After this change, unsupported `PKCSAttribute` objects simply cannot be 
>> created. The `new(DerValue)` constructor rejects them (type 9-13, 15) in a 
>> `switch` block, and the `new(ObjectIdentifier, Object)` constructor rejects 
>> them because `VALUE_CLASSES` for them are null.
>> 
>> In the `encode()` method, we now throw `IllegalArgumentException` for these 
>> types and they will not happen.
>
> src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 628:
> 
>> 626:             // break unnecessary
>> 627: 
>> 628:         case 16:    // SigningCertificate
> 
> I may prefer to use an enum for PKCS9_OIDS so that we don't worry about whether 16 
> maps to SigningCertificate while reading the code.  But it is not in the 
> scope of this PR.

Totally agree.

> src/java.base/share/classes/sun/security/pkcs/SigningCertificateInfo.java 
> line 92:
> 
>> 90:     }
>> 91: 
>> 92:     public byte[] toByteArray() {
> 
> Is it possible to have the method package private?

The whole class is only used in the same package at the moment. Making only one 
method package private is not fair.

-------------

PR: https://git.openjdk.org/jdk/pull/11070
