On Tue, 24 Aug 2021 18:05:50 GMT, Weijun Wang <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/util/DerInputStream.java line 352:
>>
>>> 350: * @throws IOException if an I/O error happens while peeking the
>>> byte
>>> 351: */
>>> 352: public boolean seeOptionalContextSpecific(int n) throws
>>> IOException {
>>
>> Given the two getOptionalXXXContextSpecific(int) method, do we really need
>> this to be public? Same goes for the two checkNextTag(...) methods above.
>
> `checkNextTag()` is useful for other kinds of OPTIONAL fields. For example,
> `keyLength` inside
>
>
> PBKDF2-params ::= SEQUENCE {
> salt CHOICE {
> specified OCTET STRING,
> otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
> },
> iterationCount INTEGER (1..MAX),
> keyLength INTEGER (1..MAX) OPTIONAL,
> prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
> }
> ```
> Maybe I should create a `getOptional(byte)` method?
>
> For `seeOptionalContextSpecific`, I was thinking about if I might need to
> read the field using another method. For example, PKCS7 `SignedData` contains
> a field
>
> certificates [0] IMPLICIT CertificateSet OPTIONAL
>
> After I confirm the [0] is actually there, I'll still need to call
> `outerStream.getSet(n, true)` to read the set. Maybe I should create a
> `DerValue::getSet(n)` method or expose the existing `subs()`?
>
> I'll include more examples in this PR so you can judge the design better.
Sure, that'd be good if I have more examples to understand the planned usage
better.
>> src/java.base/share/classes/sun/security/util/DerValue.java line 319:
>>
>>> 317:
>>> 318: /**
>>> 319: * Wraps a byte array at a single DerValue.
>>
>> nit: at=>as
>
> I just want to give it a new name so a user knows the content is only wrapped
> but not cloned.
Hmm, I see. At some point, maybe we need to better document this or consolidate
the APIs.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5221
