On Tue, 26 Oct 2021 15:28:51 GMT, Sean Mullan wrote:
>> I was asking if `getIssuerAlternativeNameExtension` can throw the exception
>> if IAE exists but not parseable.
>
> Ok, I understand your comment now. I'm hesitant to change those methods to
> throw an exception because to be consistent
On Mon, 25 Oct 2021 23:48:35 GMT, Weijun Wang wrote:
>> Unless I am misunderstanding your comment, I don't think this is an issue in
>> practice. The code inside the `X509CertImpl.getExtension` method only throws
>> an Exception if invalid OIDs or attribute names are passed to the internal
>>
On Mon, 25 Oct 2021 20:17:17 GMT, Sean Mullan wrote:
>> That's probably a little deeper and changing it will have a mass effect.
>> What about at the `getIssuerAlternativeNameExtension` level?
>
> Unless I am misunderstanding your comment, I don't think this is an issue in
> practice. The code
On Mon, 25 Oct 2021 18:29:34 GMT, Weijun Wang wrote:
>> To clarify, do you mean this code in `getExtension(ObjectIdentifier)` that
>> swallows the exception?:
>>
>>
>> } catch (IOException ioe) {
>> return null;
>> }
>
> That's probably a little deeper and changing
On Mon, 25 Oct 2021 15:13:25 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/x509/X509CertImpl.java line 1618:
>>
>>> 1616: }
>>> 1617: SubjectAlternativeNameExtension subjectAltNameExt =
>>> 1618: getSubjectAlternativeNameExtension();
>>
>> Does
On Mon, 25 Oct 2021 14:17:56 GMT, Weijun Wang wrote:
>> The JDK implementation (as supplied by the "SUN" provider) of
>> `X509Certificate::getSubjectAlternativeNames` and
>> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
>> throwing a `CertificateParsingException` when
On Mon, 25 Oct 2021 14:20:08 GMT, Weijun Wang wrote:
> How about other `X509Certificate` methods that get info of an extension?
Good question. There are 3: `getBasicConstraints`, `getKeyUsage` and
`getExtendedKeyUsage`. The first two methods are not specified to throw an
Exception, so that
On Mon, 25 Oct 2021 12:53:43 GMT, Sean Mullan wrote:
> The JDK implementation (as supplied by the "SUN" provider) of
> `X509Certificate::getSubjectAlternativeNames` and
> `X509Certificate::getIssuerAlternativeNames` returns `null` instead of
> throwing a `CertificateParsingException` when the
The JDK implementation (as supplied by the "SUN" provider) of
`X509Certificate::getSubjectAlternativeNames` and
`X509Certificate::getIssuerAlternativeNames` returns `null` instead of throwing
a `CertificateParsingException` when the extension is unparseable.
This fix changes the behavior to