On Fri, 17 Oct 2025 17:03:35 GMT, Mikhail Yankelevich <[email protected]> wrote:
>> In [JDK-8309667](https://bugs.openjdk.org/browse/JDK-8309667), there were >> issues with debugging due to no logging or throwing of errors by >> X509KeyManagerImpl::getEntry. >> [Line](https://github.com/openjdk/jdk/blob/6a4c2676a6378f573bd58d1bc32b57765d756291/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java#L243-L245) >> >> Extra logging and error propagating should be implemented for the >> X509KeyManagerImpl. >> >> Additionally, dot checking logic has been changed, so no cases similar to >> `.A` will not trigger StringOutOfBounds exceptions. >> >> Thank you @djelinski for finding the issue and analysis. > > Mikhail Yankelevich has updated the pull request incrementally with one > additional commit since the last revision: > > Artur's comments src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java line 234: > 232: if (SSLLogger.isOn && SSLLogger.isOn("keymanager")) { > 233: SSLLogger.warning("Invalid alias format: " + alias); > 234: } Since the 2nd `indexOf` method actually doesn't throw Out Of Bounds exception if the 2nd argument is larger than the string's length (it returns `-1` instead), we can simplify this code: int firstDot = alias.indexOf('.'); int secondDot = alias.indexOf('.', firstDot + 1); if (firstDot < 1 || secondDot - firstDot < 2 || alias.length() - secondDot < 2) { if (SSLLogger.isOn && SSLLogger.isOn("keymanager")) { SSLLogger.warning("Invalid alias format: " + alias); } return null; } ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27851#discussion_r2440738514
