Skip to content

Commit

Permalink
8296143: CertAttrSet's set/get mechanism is not type-safe
Browse files Browse the repository at this point in the history 
Reviewed-by: mullan
  • Loading branch information
@wangweij
wangweij committed Nov 8, 2022
1 parent d04d656 commit 671f84b
Show file tree
Hide file tree
Showing 66 changed files with 632 additions and 2,891 deletions.
2 changes: 1 addition & 1 deletion src/java.base/share/classes/java/security/cert/CertificateRevokedException.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ public Date getInvalidityDate() {
return null;
} else {
try {
Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE");
Date invalidity = InvalidityDateExtension.toImpl(ext).getDate();
return new Date(invalidity.getTime());
} catch (IOException ioe) {
return null;
Expand Down
6 changes: 3 additions & 3 deletions src/java.base/share/classes/java/security/cert/X509CRLSelector.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -323,7 +323,7 @@ private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
else
namesCopy.add(nameObject);
}
return(namesCopy);
return namesCopy;
}

/**
Expand Down Expand Up @@ -630,7 +630,7 @@ public boolean match(CRL crl) {
byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt =
new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
crlNum = crlNumExt.getCrlNumber();
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CRLSelector.match: exception in "
Expand Down
46 changes: 17 additions & 29 deletions src/java.base/share/classes/java/security/cert/X509CertSelector.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -1288,7 +1288,7 @@ public X500Principal getIssuer() {
*/
@Deprecated(since="16")
public String getIssuerAsString() {
return (issuer == null ? null : issuer.getName());
return issuer == null ? null : issuer.getName();
}

/**
Expand All @@ -1310,7 +1310,7 @@ public String getIssuerAsString() {
* @throws IOException if an encoding error occurs
*/
public byte[] getIssuerAsBytes() throws IOException {
return (issuer == null ? null: issuer.getEncoded());
return issuer == null ? null : issuer.getEncoded();
}

/**
Expand Down Expand Up @@ -1347,7 +1347,7 @@ public X500Principal getSubject() {
*/
@Deprecated(since="16")
public String getSubjectAsString() {
return (subject == null ? null : subject.getName());
return subject == null ? null : subject.getName();
}

/**
Expand All @@ -1369,7 +1369,7 @@ public String getSubjectAsString() {
* @throws IOException if an encoding error occurs
*/
public byte[] getSubjectAsBytes() throws IOException {
return (subject == null ? null : subject.getEncoded());
return subject == null ? null : subject.getEncoded();
}

/**
Expand Down Expand Up @@ -1868,7 +1868,7 @@ private static String keyUsageToString(boolean[] k) {

s += "]\n";

return (s);
return s;
}

/**
Expand Down Expand Up @@ -2120,12 +2120,8 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) {
} catch (CertificateExpiredException e1) {
if (debug != null) {
String time = "n/a";
try {
Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER);
time = notAfter.toString();
} catch (CertificateException ex) {
// not able to retrieve notAfter value
}
Date notAfter = ext.getNotAfter();
time = notAfter.toString();
debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_After: "
+ time + "; X509CertSelector: "
Expand All @@ -2136,12 +2132,8 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) {
} catch (CertificateNotYetValidException e2) {
if (debug != null) {
String time = "n/a";
try {
Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
time = notBefore.toString();
} catch (CertificateException ex) {
// not able to retrieve notBefore value
}
Date notBefore = ext.getNotBefore();
time = notBefore.toString();
debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_BEFORE: "
+ time + "; X509CertSelector: "
Expand Down Expand Up @@ -2227,8 +2219,7 @@ private boolean matchExtendedKeyUsage(X509Certificate xcert) {
(ExtendedKeyUsageExtension)getExtensionObject(xcert,
KnownOIDs.extendedKeyUsage);
if (ext != null) {
Vector<ObjectIdentifier> certKeyPurposeVector =
ext.get(ExtendedKeyUsageExtension.USAGES);
Vector<ObjectIdentifier> certKeyPurposeVector = ext.getUsages();
if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE)
&& !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) {
if (debug != null) {
Expand Down Expand Up @@ -2264,8 +2255,7 @@ private boolean matchSubjectAlternativeNames(X509Certificate xcert) {
}
return false;
}
GeneralNames certNames =
sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames certNames = sanExt.getNames();
Iterator<GeneralNameInterface> i =
subjectAlternativeGeneralNames.iterator();
while (i.hasNext()) {
Expand Down Expand Up @@ -2333,7 +2323,7 @@ private boolean matchPolicy(X509Certificate xcert) {
}
return false;
}
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
List<PolicyInformation> policies = ext.getCertPolicies();
/*
* Convert the Vector of PolicyInformation to a Vector
* of CertificatePolicyIds for easier comparison.
Expand Down Expand Up @@ -2401,17 +2391,15 @@ private boolean matchPathToNames(X509Certificate xcert) {
}
}

GeneralSubtrees permitted =
ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
GeneralSubtrees excluded =
ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
GeneralSubtrees permitted = ext.getPermittedSubtrees();
GeneralSubtrees excluded = ext.getExcludedSubtrees();
if (excluded != null) {
if (matchExcluded(excluded) == false) {
if (!matchExcluded(excluded)) {
return false;
}
}
if (permitted != null) {
if (matchPermitted(permitted) == false) {
if (!matchPermitted(permitted)) {
return false;
}
}
Expand Down
4 changes: 1 addition & 3 deletions src/java.base/share/classes/sun/security/pkcs/PKCS7.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -684,9 +684,7 @@ private void populateCertIssuerNames() {
try {
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
tbsCert.get(X509CertInfo.ISSUER + "." +
X509CertInfo.DN_NAME);
certIssuerName = tbsCert.getIssuer();
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
Expand Down
8 changes: 2 additions & 6 deletions src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -617,11 +617,7 @@ public void derEncode(DerOutputStream out) throws IOException {
{
DerOutputStream temp2 = new DerOutputStream();
CertificateExtensions exts = (CertificateExtensions)value;
try {
exts.encode(temp2, true);
} catch (CertificateException ex) {
throw new IOException(ex.toString());
}
exts.encode(temp2, true);
temp.write(DerValue.tag_Set, temp2.toByteArray());
}
break;
Expand Down Expand Up @@ -687,7 +683,7 @@ public ObjectIdentifier getOID() {
public String getName() {
String n = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(n);
return (os == null? n : os.stdName());
return os == null ? n : os.stdName();
}

/**
Expand Down
3 changes: 1 addition & 2 deletions src/java.base/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,8 +131,7 @@ void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)

if (ext != null) {
ski = ext.getEncodedKeyIdentifier();
SerialNumber asn = (SerialNumber)ext.get(
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
SerialNumber asn = ext.getSerialNumber();
if (asn != null) {
serial = asn.getNumber();
}
Expand Down
2 changes: 1 addition & 1 deletion src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ public void check(Certificate cert,
AlgorithmId algorithmId;
try {
x509Cert = X509CertImpl.toImpl((X509Certificate)cert);
algorithmId = (AlgorithmId)x509Cert.get(X509CertImpl.SIG_ALG);
algorithmId = x509Cert.getSigAlg();
} catch (CertificateException ce) {
throw new CertPathValidatorException(ce);
}
Expand Down
15 changes: 6 additions & 9 deletions src/java.base/share/classes/sun/security/provider/certpath/Builder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,7 +204,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test,
/* base is ancestor of test */
case GeneralNameInterface.NAME_NARROWS:
/* base is descendant of test */
return (test.subtreeDepth()-base.subtreeDepth());
return test.subtreeDepth() - base.subtreeDepth();
default: // should never occur
return incomparable;
}
Expand All @@ -230,7 +230,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test,
int commonDistance = commonName.subtreeDepth();
int baseDistance = baseName.subtreeDepth();
int testDistance = testName.subtreeDepth();
return (baseDistance + testDistance - (2 * commonDistance));
return baseDistance + testDistance - (2 * commonDistance);
}
}

Expand Down Expand Up @@ -300,8 +300,7 @@ static int targetDistance(NameConstraintsExtension constraints,
SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) {
GeneralNames altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames altNames = altNameExt.getNames();
/* see if any alternative name matches target */
if (altNames != null) {
for (int j = 0, n = altNames.size(); j < n; j++) {
Expand Down Expand Up @@ -337,10 +336,8 @@ static int targetDistance(NameConstraintsExtension constraints,
+ constraints);
}
/* reduce permitted by excluded */
GeneralSubtrees permitted =
constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES);
GeneralSubtrees excluded =
constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
GeneralSubtrees permitted = constraints.getPermittedSubtrees();
GeneralSubtrees excluded = constraints.getExcludedSubtrees();
if (permitted != null) {
permitted.reduce(excluded);
}
Expand All @@ -362,7 +359,7 @@ static int targetDistance(NameConstraintsExtension constraints,
GeneralNameInterface perName = permitted.get(i).getName().getName();
int distance = distance(perName, target, -1);
if (distance >= 0) {
return (distance + 1);
return distance + 1;
}
}
/* no matching type in permitted; cert holder could certify target */
Expand Down
32 changes: 12 additions & 20 deletions src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
return Collections.emptySet();
}
List<DistributionPoint> points =
ext.get(CRLDistributionPointsExtension.POINTS);
ext.getDistributionPoints();
Set<X509CRL> results = new HashSet<>();
for (Iterator<DistributionPoint> t = points.iterator();
t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) {
Expand All @@ -116,7 +116,7 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
debug.println("Returning " + results.size() + " CRLs");
}
return results;
} catch (CertificateException | IOException e) {
} catch (CertificateException e) {
return Collections.emptySet();
}
}
Expand Down Expand Up @@ -333,9 +333,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
GeneralNames pointCrlIssuers = point.getCRLIssuer();
X500Name pointCrlIssuer = null;
if (pointCrlIssuers != null) {
if (idpExt == null ||
idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL)
== Boolean.FALSE) {
if (idpExt == null || !idpExt.isIndirectCRL()) {
return false;
}
boolean match = false;
Expand Down Expand Up @@ -398,8 +396,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
}

if (idpExt != null) {
DistributionPointName idpPoint = (DistributionPointName)
idpExt.get(IssuingDistributionPointExtension.POINT);
DistributionPointName idpPoint = idpExt.getDistributionPoint();
if (idpPoint != null) {
GeneralNames idpNames = idpPoint.getFullName();
if (idpNames == null) {
Expand Down Expand Up @@ -495,9 +492,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,

// if the onlyContainsUserCerts boolean is asserted, verify that the
// cert is not a CA cert
Boolean b = (Boolean)
idpExt.get(IssuingDistributionPointExtension.ONLY_USER_CERTS);
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() != -1) {
boolean b = idpExt.hasOnlyUserCerts();
if (b && certImpl.getBasicConstraints() != -1) {
if (debug != null) {
debug.println("cert must be a EE cert");
}
Expand All @@ -506,9 +502,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,

// if the onlyContainsCACerts boolean is asserted, verify that the
// cert is a CA cert
b = (Boolean)
idpExt.get(IssuingDistributionPointExtension.ONLY_CA_CERTS);
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() == -1) {
b = idpExt.hasOnlyCACerts();
if (b && certImpl.getBasicConstraints() == -1) {
if (debug != null) {
debug.println("cert must be a CA cert");
}
Expand All @@ -517,9 +512,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,

// verify that the onlyContainsAttributeCerts boolean is not
// asserted
b = (Boolean) idpExt.get
(IssuingDistributionPointExtension.ONLY_ATTRIBUTE_CERTS);
if (b.equals(Boolean.TRUE)) {
b = idpExt.hasOnlyAttributeCerts();
if (b) {
if (debug != null) {
debug.println("cert must not be an AA cert");
}
Expand All @@ -531,8 +525,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
boolean[] interimReasonsMask = new boolean[9];
ReasonFlags reasons = null;
if (idpExt != null) {
reasons = (ReasonFlags)
idpExt.get(IssuingDistributionPointExtension.REASONS);
reasons = idpExt.getRevocationReasons();
}

boolean[] pointReasonFlags = point.getReasonFlags();
Expand Down Expand Up @@ -603,8 +596,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
certSel.setSubjectKeyIdentifier(kid);
}

SerialNumber asn = (SerialNumber)akidext.get(
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
SerialNumber asn = akidext.getSerialNumber();
if (asn != null) {
certSel.setSerialNumber(asn.getNumber());
}
Expand Down
22 changes: 6 additions & 16 deletions src/java.base/share/classes/sun/security/provider/certpath/ForwardState.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,27 +187,17 @@ public void updateState(X509Certificate cert)

/* update subjectNamesTraversed only if this is the EE cert or if
this cert is not self-issued */
if (init || !X509CertImpl.isSelfIssued(cert)){
if (init || !X509CertImpl.isSelfIssued(cert)) {
X500Principal subjName = cert.getSubjectX500Principal();
subjectNamesTraversed.add(X500Name.asX500Name(subjName));

try {
SubjectAlternativeNameExtension subjAltNameExt
SubjectAlternativeNameExtension subjAltNameExt
= icert.getSubjectAlternativeNameExtension();
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.getNames();
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
} catch (IOException e) {
if (debug != null) {
debug.println("ForwardState.updateState() unexpected "
+ "exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
}

Expand Down
Loading

1 comment on commit 671f84b

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

Please sign in to comment.