8296143: CertAttrSet's set/get mechanism is not type-safe
Reviewed-by: mullan
wangweij committed Nov 8, 2022
1 parent d04d656 commit 671f84b
Showing 66 changed files with 632 additions and 2,891 deletions.
Expand Up @@ -155,7 +155,7 @@ public Date getInvalidityDate() {
return null;
} else {
try {
Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE");
Date invalidity = InvalidityDateExtension.toImpl(ext).getDate();
return new Date(invalidity.getTime());
} catch (IOException ioe) {
return null;
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -323,7 +323,7 @@ private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
else
namesCopy.add(nameObject);
}
return(namesCopy);
return namesCopy;
}

/**
Expand Down Expand Up @@ -630,7 +630,7 @@ public boolean match(CRL crl) {
byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt =
new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
crlNum = crlNumExt.getCrlNumber();
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CRLSelector.match: exception in "
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -1288,7 +1288,7 @@ public X500Principal getIssuer() {
*/
@Deprecated(since="16")
public String getIssuerAsString() {
return (issuer == null ? null : issuer.getName());
return issuer == null ? null : issuer.getName();
}

/**
Expand All @@ -1310,7 +1310,7 @@ public String getIssuerAsString() {
* @throws IOException if an encoding error occurs
*/
public byte[] getIssuerAsBytes() throws IOException {
return (issuer == null ? null: issuer.getEncoded());
return issuer == null ? null : issuer.getEncoded();
}

/**
Expand Down Expand Up @@ -1347,7 +1347,7 @@ public X500Principal getSubject() {
*/
@Deprecated(since="16")
public String getSubjectAsString() {
return (subject == null ? null : subject.getName());
return subject == null ? null : subject.getName();
}

/**
Expand All @@ -1369,7 +1369,7 @@ public String getSubjectAsString() {
* @throws IOException if an encoding error occurs
*/
public byte[] getSubjectAsBytes() throws IOException {
return (subject == null ? null : subject.getEncoded());
return subject == null ? null : subject.getEncoded();
}

/**
Expand Down Expand Up @@ -1868,7 +1868,7 @@ private static String keyUsageToString(boolean[] k) {

s += "]\n";

return (s);
return s;
}

/**
Expand Down Expand Up @@ -2120,12 +2120,8 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) {
} catch (CertificateExpiredException e1) {
if (debug != null) {
String time = "n/a";
try {
Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER);
time = notAfter.toString();
} catch (CertificateException ex) {
// not able to retrieve notAfter value
}
Date notAfter = ext.getNotAfter();
time = notAfter.toString();
debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_After: "
+ time + "; X509CertSelector: "
Expand All @@ -2136,12 +2132,8 @@ private boolean matchPrivateKeyValid(X509Certificate xcert) {
} catch (CertificateNotYetValidException e2) {
if (debug != null) {
String time = "n/a";
try {
Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
time = notBefore.toString();
} catch (CertificateException ex) {
// not able to retrieve notBefore value
}
Date notBefore = ext.getNotBefore();
time = notBefore.toString();
debug.println("X509CertSelector.match: private key usage not "
+ "within validity date; ext.NOT_BEFORE: "
+ time + "; X509CertSelector: "
Expand Down Expand Up @@ -2227,8 +2219,7 @@ private boolean matchExtendedKeyUsage(X509Certificate xcert) {
(ExtendedKeyUsageExtension)getExtensionObject(xcert,
KnownOIDs.extendedKeyUsage);
if (ext != null) {
Vector<ObjectIdentifier> certKeyPurposeVector =
ext.get(ExtendedKeyUsageExtension.USAGES);
Vector<ObjectIdentifier> certKeyPurposeVector = ext.getUsages();
if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE)
&& !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) {
if (debug != null) {
Expand Down Expand Up @@ -2264,8 +2255,7 @@ private boolean matchSubjectAlternativeNames(X509Certificate xcert) {
}
return false;
}
GeneralNames certNames =
sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames certNames = sanExt.getNames();
Iterator<GeneralNameInterface> i =
subjectAlternativeGeneralNames.iterator();
while (i.hasNext()) {
Expand Down Expand Up @@ -2333,7 +2323,7 @@ private boolean matchPolicy(X509Certificate xcert) {
}
return false;
}
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
List<PolicyInformation> policies = ext.getCertPolicies();
/*
* Convert the Vector of PolicyInformation to a Vector
* of CertificatePolicyIds for easier comparison.
Expand Down Expand Up @@ -2401,17 +2391,15 @@ private boolean matchPathToNames(X509Certificate xcert) {
}
}

GeneralSubtrees permitted =
ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
GeneralSubtrees excluded =
ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
GeneralSubtrees permitted = ext.getPermittedSubtrees();
GeneralSubtrees excluded = ext.getExcludedSubtrees();
if (excluded != null) {
if (matchExcluded(excluded) == false) {
if (!matchExcluded(excluded)) {
return false;
}
}
if (permitted != null) {
if (matchPermitted(permitted) == false) {
if (!matchPermitted(permitted)) {
return false;
}
}
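Review bot: In matchPrivateKeyValid, both debug branches still initialise `String time = "n/a";`, but with the try/catch gone the value is always overwritten, so the fallback is dead code and `notAfter.toString()` / `notBefore.toString()` would throw if the getter returned null. Whether `getNotAfter()` or `getNotBefore()` can return null at these points is not visible in the hunks, so I would make the fallback explicit with `String time = Objects.toString(ext.getNotAfter(), "n/a");` and the same for `ext.getNotBefore()` (needs `java.util.Objects` in scope). That keeps a debug-only statement from changing the outcome of a certificate match. The method body starts and ends outside the hunks shown.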
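--- a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
@@ -684,9 +684,7 @@ private void populateCertIssuerNames() {
 try {
 X509CertInfo tbsCert =
 new X509CertInfo(cert.getTBSCertificate());
-certIssuerName = (Principal)
-tbsCert.get(X509CertInfo.ISSUER + "." +
-X509CertInfo.DN_NAME);
+certIssuerName = tbsCert.getIssuer();
 } catch (Exception e) {
 // error generating X500Name object from the cert's
 // issuer DN, leave name as is.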
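Review bot: The `catch (Exception e)` kept around this block in populateCertIssuerNames is broader than the new code appears to need. With the string-keyed `tbsCert.get(...)` and its cast replaced by `tbsCert.getIssuer()`, the statements left in the try are the TBS extraction and the X509CertInfo constructor. Which checked exceptions those declare is not visible here, but if they are only certificate exceptions, `} catch (CertificateException e) {` would keep the "leave name as is" fallback without also hiding runtime errors. The catch body and the rest of the method continue outside the hunk.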
Expand Up @@ -617,11 +617,7 @@ public void derEncode(DerOutputStream out) throws IOException {
{
DerOutputStream temp2 = new DerOutputStream();
CertificateExtensions exts = (CertificateExtensions)value;
try {
exts.encode(temp2, true);
} catch (CertificateException ex) {
throw new IOException(ex.toString());
}
exts.encode(temp2, true);
temp.write(DerValue.tag_Set, temp2.toByteArray());
}
break;
Expand Down Expand Up @@ -687,7 +683,7 @@ public ObjectIdentifier getOID() {
public String getName() {
String n = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(n);
return (os == null? n : os.stdName());
return os == null ? n : os.stdName();
}

/**
Expand Up @@ -131,8 +131,7 @@ void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)

if (ext != null) {
ski = ext.getEncodedKeyIdentifier();
SerialNumber asn = (SerialNumber)ext.get(
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
SerialNumber asn = ext.getSerialNumber();
if (asn != null) {
serial = asn.getNumber();
}
Expand Up @@ -190,7 +190,7 @@ public void check(Certificate cert,
AlgorithmId algorithmId;
try {
x509Cert = X509CertImpl.toImpl((X509Certificate)cert);
algorithmId = (AlgorithmId)x509Cert.get(X509CertImpl.SIG_ALG);
algorithmId = x509Cert.getSigAlg();
} catch (CertificateException ce) {
throw new CertPathValidatorException(ce);
}
Expand Up @@ -204,7 +204,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test,
/* base is ancestor of test */
case GeneralNameInterface.NAME_NARROWS:
/* base is descendant of test */
return (test.subtreeDepth()-base.subtreeDepth());
return test.subtreeDepth() - base.subtreeDepth();
default: // should never occur
return incomparable;
}
Expand All @@ -230,7 +230,7 @@ static int hops(GeneralNameInterface base, GeneralNameInterface test,
int commonDistance = commonName.subtreeDepth();
int baseDistance = baseName.subtreeDepth();
int testDistance = testName.subtreeDepth();
return (baseDistance + testDistance - (2 * commonDistance));
return baseDistance + testDistance - (2 * commonDistance);
}
}

Expand Down Expand Up @@ -300,8 +300,7 @@ static int targetDistance(NameConstraintsExtension constraints,
SubjectAlternativeNameExtension altNameExt =
certImpl.getSubjectAlternativeNameExtension();
if (altNameExt != null) {
GeneralNames altNames = altNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
GeneralNames altNames = altNameExt.getNames();
/* see if any alternative name matches target */
if (altNames != null) {
for (int j = 0, n = altNames.size(); j < n; j++) {
Expand Down Expand Up @@ -337,10 +336,8 @@ static int targetDistance(NameConstraintsExtension constraints,
+ constraints);
}
/* reduce permitted by excluded */
GeneralSubtrees permitted =
constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES);
GeneralSubtrees excluded =
constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
GeneralSubtrees permitted = constraints.getPermittedSubtrees();
GeneralSubtrees excluded = constraints.getExcludedSubtrees();
if (permitted != null) {
permitted.reduce(excluded);
}
Expand All @@ -362,7 +359,7 @@ static int targetDistance(NameConstraintsExtension constraints,
GeneralNameInterface perName = permitted.get(i).getName().getName();
int distance = distance(perName, target, -1);
if (distance >= 0) {
return (distance + 1);
return distance + 1;
}
}
/* no matching type in permitted; cert holder could certify target */
Expand Up @@ -102,7 +102,7 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
return Collections.emptySet();
}
List<DistributionPoint> points =
ext.get(CRLDistributionPointsExtension.POINTS);
ext.getDistributionPoints();
Set<X509CRL> results = new HashSet<>();
for (Iterator<DistributionPoint> t = points.iterator();
t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) {
Expand All @@ -116,7 +116,7 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
debug.println("Returning " + results.size() + " CRLs");
}
return results;
} catch (CertificateException | IOException e) {
} catch (CertificateException e) {
return Collections.emptySet();
}
}
Expand Down Expand Up @@ -333,9 +333,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
GeneralNames pointCrlIssuers = point.getCRLIssuer();
X500Name pointCrlIssuer = null;
if (pointCrlIssuers != null) {
if (idpExt == null ||
idpExt.get(IssuingDistributionPointExtension.INDIRECT_CRL)
== Boolean.FALSE) {
if (idpExt == null || !idpExt.isIndirectCRL()) {
return false;
}
boolean match = false;
Expand Down Expand Up @@ -398,8 +396,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
}

if (idpExt != null) {
DistributionPointName idpPoint = (DistributionPointName)
idpExt.get(IssuingDistributionPointExtension.POINT);
DistributionPointName idpPoint = idpExt.getDistributionPoint();
if (idpPoint != null) {
GeneralNames idpNames = idpPoint.getFullName();
if (idpNames == null) {
Expand Down Expand Up @@ -495,9 +492,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,

// if the onlyContainsUserCerts boolean is asserted, verify that the
// cert is not a CA cert
Boolean b = (Boolean)
idpExt.get(IssuingDistributionPointExtension.ONLY_USER_CERTS);
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() != -1) {
boolean b = idpExt.hasOnlyUserCerts();
if (b && certImpl.getBasicConstraints() != -1) {
if (debug != null) {
debug.println("cert must be a EE cert");
}
Expand All @@ -506,9 +502,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,

// if the onlyContainsCACerts boolean is asserted, verify that the
// cert is a CA cert
b = (Boolean)
idpExt.get(IssuingDistributionPointExtension.ONLY_CA_CERTS);
if (b.equals(Boolean.TRUE) && certImpl.getBasicConstraints() == -1) {
b = idpExt.hasOnlyCACerts();
if (b && certImpl.getBasicConstraints() == -1) {
if (debug != null) {
debug.println("cert must be a CA cert");
}
Expand All @@ -517,9 +512,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,

// verify that the onlyContainsAttributeCerts boolean is not
// asserted
b = (Boolean) idpExt.get
(IssuingDistributionPointExtension.ONLY_ATTRIBUTE_CERTS);
if (b.equals(Boolean.TRUE)) {
b = idpExt.hasOnlyAttributeCerts();
if (b) {
if (debug != null) {
debug.println("cert must not be an AA cert");
}
Expand All @@ -531,8 +525,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
boolean[] interimReasonsMask = new boolean[9];
ReasonFlags reasons = null;
if (idpExt != null) {
reasons = (ReasonFlags)
idpExt.get(IssuingDistributionPointExtension.REASONS);
reasons = idpExt.getRevocationReasons();
}

boolean[] pointReasonFlags = point.getReasonFlags();
Expand Down Expand Up @@ -603,8 +596,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
certSel.setSubjectKeyIdentifier(kid);
}

SerialNumber asn = (SerialNumber)akidext.get(
AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
SerialNumber asn = akidext.getSerialNumber();
if (asn != null) {
certSel.setSerialNumber(asn.getNumber());
}
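Review bot: In getCRLs the narrowed `catch (CertificateException e)` still returns `Collections.emptySet()` with no trace, so a failure raised above the hunk looks the same to the caller as a certificate for which no CRLs were found. The method already reports through `debug` just before its normal return, and I would do the same here: `if (debug != null) { debug.println("getCRLs: exception " + e); }` before the return (the message text is only a suggestion). How callers treat an empty result is outside these hunks, so this is about being able to diagnose a revocation check that silently found nothing, not a behaviour change.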
Expand Up @@ -187,27 +187,17 @@ public void updateState(X509Certificate cert)

/* update subjectNamesTraversed only if this is the EE cert or if
this cert is not self-issued */
if (init || !X509CertImpl.isSelfIssued(cert)){
if (init || !X509CertImpl.isSelfIssued(cert)) {
X500Principal subjName = cert.getSubjectX500Principal();
subjectNamesTraversed.add(X500Name.asX500Name(subjName));

try {
SubjectAlternativeNameExtension subjAltNameExt
SubjectAlternativeNameExtension subjAltNameExt
= icert.getSubjectAlternativeNameExtension();
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.get(
SubjectAlternativeNameExtension.SUBJECT_NAME);
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.getNames();
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
} catch (IOException e) {
if (debug != null) {
debug.println("ForwardState.updateState() unexpected "
+ "exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
}

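Review bot: In updateState the result of `subjAltNameExt.getNames()` is iterated without a null check, while targetDistance in this same commit guards the same getter with `if (altNames != null)`. Whether `getNames()` can return null is not visible here, but the two call sites should agree; as written a null would surface as a NullPointerException from `gNames.names()`. I would guard the loop with `if (gNames != null) {` around the `for (GeneralName gName : gNames.names())` statement. The method continues outside the hunk.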

1 comment on commit 671f84b

@openjdk-notifier