On Thu, 10 Nov 2022 02:43:21 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> One `PKCS9Attribute` can be created but cannot be encoded. Since the
>> `SigningCertificateInfo::parse` method has not fully parsed the data
>> (`PolicyInformation` is left out), this code change adds the encoding itself
>> as a field to the `SigningCertificateInfo` class so we can encode it.
>>
>> After this change, unsupported `PKCSAttribute` object simply cannot be
>> created. The `new(DerValue)` constructor rejects them (type 9-13, 15) in a
>> `switch` block, and the `new(ObjectIdentifier, Object)` constructor rejects
>> them because `VALUE_CLASSES` for them are null.
>>
>> In the `encode()` method, we now throw `IllegalArgumentException` for these
>> types and they will not happen.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   make class package private

src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java line 381:

> 379:             index = indexOf(oid, PKCS9_OIDS, 1);
> 380:             Class<?> clazz = index == -1 ? BYTE_ARRAY_CLASS: VALUE_CLASSES[index];
> 381:             if (clazz == null || !clazz.isInstance(value)) {

If my reading of the current impl is correct, if clazz is null, the attribute is not supported. The error message seems a bit misleading as it's not really due to the value itself, but the attribute is not supported. Is it just for avoiding NPE and changing it into IAE?

-------------

PR: https://git.openjdk.org/jdk/pull/11070