On Thu, 10 Nov 2022 02:43:21 GMT, Weijun Wang <[email protected]> wrote:
>> One `PKCS9Attribute` can be created but cannot be encoded. Since the >> `SigningCertificateInfo::parse` method has not fully parsed the data >> (`PolicyInformation` is left out), this code change add the encoding itself >> as a field to the `SigningCertificateInfo` class so we can encode it. >> >> After this change, unsupported `PKCSAttribute` object simply cannot be >> created. The `new(DerValue)` constructor rejects them (type 9-13, 15) in a >> `switch` block, and the `new(ObjectIdentifier, Object)` constructor rejects >> them because `VALUE_CLASSES` for them are null. >> >> In the `encode()` method, we now throw `IllegalArgumentException` for these >> types and they will not happen. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > make class package private test/jdk/sun/security/pkcs/pkcs9/PKCS9AttrTypeTests.java line 176: > 174: // Encoding is supported > 175: DerOutputStream dos = new DerOutputStream(); > 176: p9Attr.encode(dos); Should we check the encoding has the expected value? Otherwise, it looks like we only require that no exception is thrown? ------------- PR: https://git.openjdk.org/jdk/pull/11070
