Code review updated to integrate changes from JDK-8239264:
https://cr.openjdk.java.net/~jnimeh/reviews/8239094/webrev.02/

Thanks,
--Jamil

On 2/17/20 10:31 AM, Jamil Nimeh wrote:

Hello all,

This is a quick fix to our handling of the PKCS#9 challengePassword
attribute. We currently conform to 1.1 of the spec, but RFC 2985
(PKCS#9 v2.0) has the type listed as a DirectoryString, which can be
PrintableString, TeletexString, BMPString, UniversalString or
UTF8String. With this change, we'll be able to accommodate all those
forms.

I also took the liberty of cleaning up a few warnings that NetBeans
had in the file, particularly the replacement of Hashtable collections
with HashMap since the former collection is obsolete and we really
don't need a thread-safe collection for something private that's only
written to in static initializers.

Last question: Does anyone think we should be including IA5String as
an allowed string encoding for challengePassword? I know it is not a
DirectoryString allowed type, but I have seen certain configurations
for OpenSSL that would make challengePasswords with characters outside
the PrintableString character set use IA5String. Other than not being
in line with the letter of the spec, I don't see the harm in allowing
it given other sources for this attribute might encode it as
IA5String, and you can't put anything in there that we wouldn't have
to be able to handle otherwise in other string encodings (e.g.
UTF8String).

Right now, the review doesn't have IA5String; I'm adhering to the spec
for this initial review.

Bug: https://bugs.openjdk.java.net/browse/JDK-8239094
Webrev: https://cr.openjdk.java.net/~jnimeh/reviews/8239094/webrev.01/

Thanks,
--Jamil
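
The tag-level distinction discussed in this thread, as an added Java example that is not part of the webrev, the JDK source or the original message: a decoder that accepts the five DirectoryString alternatives and takes IA5String only when a flag is set. The class name `ChallengePasswordDemo`, the `allowIA5` flag, the short-form-length restriction and the ISO-8859-1 handling of TeletexString are assumptions made for the illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Map;

/** Added illustration: decode a DER-encoded challengePassword value by its ASN.1 string tag. */
public class ChallengePasswordDemo {
    // Universal tag bytes of the five DirectoryString alternatives named in the thread.
    // Decoding TeletexString as ISO-8859-1 is a simplifying assumption.
    private static final Map<Integer, Charset> DIRECTORY_STRING = Map.of(
        0x0C, StandardCharsets.UTF_8,          // UTF8String
        0x13, StandardCharsets.US_ASCII,       // PrintableString
        0x14, StandardCharsets.ISO_8859_1,     // TeletexString
        0x1C, Charset.forName("UTF-32BE"),     // UniversalString
        0x1E, StandardCharsets.UTF_16BE);      // BMPString
    private static final int TAG_IA5STRING = 0x16; // not a DirectoryString alternative

    static String decode(byte[] der, boolean allowIA5) {
        if (der.length < 2) throw new IllegalArgumentException("truncated TLV");
        int tag = der[0] & 0xFF;
        int len = der[1] & 0xFF;
        // Short-form lengths only (value under 128 bytes) to keep the example small.
        if (len > 0x7F || der.length != 2 + len)
            throw new IllegalArgumentException("unsupported or inconsistent length");
        Charset cs = DIRECTORY_STRING.get(tag);
        if (cs == null && allowIA5 && tag == TAG_IA5STRING) cs = StandardCharsets.US_ASCII;
        if (cs == null)
            throw new IllegalArgumentException(String.format("tag 0x%02X not allowed", tag));
        return new String(der, 2, len, cs);
    }

    public static void main(String[] args) {
        // Constructed samples: "pw" encoded as UTF8String, BMPString and IA5String.
        byte[] utf8 = {0x0C, 2, 'p', 'w'};
        byte[] bmp  = {0x1E, 4, 0, 'p', 0, 'w'};
        byte[] ia5  = {0x16, 2, 'p', 'w'};
        System.out.println(decode(utf8, false));
        System.out.println(decode(bmp, false));
        System.out.println(decode(ia5, true));   // lenient mode accepts IA5String
        try {
            decode(ia5, false);                  // strict mode: DirectoryString types only
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```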