On Fri, 23 May 2025 04:54:26 GMT, Koushik Muthukrishnan Thirupattur
<d...@openjdk.org> wrote:
> Several classes in the `java.security` package lazily compute their hash
> value and store it in a field. These fields can typically be annotated with
> the `@Stable` annotation. Many of the current implementations are using -1 as
> a flag for not computed, this needs to be refactored away.
>
> Here are some examples of such classes: PKCS12Attribute, Timestamp,
> Certificate, and URICertStoreParameters.
I think we should add tests that seralizes/deserializes objects several times
to make sure the hash code works as expected here.
src/java.base/share/classes/java/security/CodeSigner.java line 172:
> 170: throw new InvalidObjectException("signerCertPath is null");
> 171: }
> 172: myhash = 0;
I do not think we can use `@Stable` for this class, as `readObject()` can be
called multiple times on an object.
src/java.base/share/classes/java/security/Timestamp.java line 179:
> 177: throw new InvalidObjectException("Invalid null field(s)");
> 178: }
> 179: myhash = 0;
Same here.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/25405#issuecomment-2939685005
PR Review Comment: https://git.openjdk.org/jdk/pull/25405#discussion_r2126373067
PR Review Comment: https://git.openjdk.org/jdk/pull/25405#discussion_r2126374887
