JDK 8 Code Review Request: 6500133/6931888: CertificateParsingException for CDP (original) (raw)

Jason Uh jason.uh at oracle.com
Wed Aug 15 23:37:47 UTC 2012

Thanks, Sean.

New webrev updated with your suggestions: http://cr.openjdk.java.net/~juh/6500133/webrev.01/

Jason

On 08/15/2012 10:38 AM, Sean Mullan wrote:

This looks good to me. Couple of comments:

111: Can you add a comment, something like "Try parsing the URI again after encoding/escaping any illegal characters". 113-4: When this code was written there probably wasn't yet an IOException(String, Throwable) ctor. Now there is, so you can change this to: throw new IOException("invalid URI name:" + name, use2); There are also a couple other places in URIName where you can replace the same code using initCause with the IOExc ctor above. That's a low-risk refactoring you can include in this change. --Sean On 08/14/2012 11:51 PM, Jason Uh wrote: Hi all,

This change fixes -- 6500133: CertificateParsingException for CRL Distribution Point with blank; and 6931888: Inconsistent behavior for invalid URI name in cert file CRs: http://bugs.sun.com/bugdatabase/viewbug.do?bugid=6500133 http://bugs.sun.com/bugdatabase/viewbug.do?bugid=6931888 They are effectively duplicates, both regarding an exception thrown when parsing CRL Distribution Point URIs with invalid characters, like a space or backslash. This change uses sun.net.www.ParseUtil.encodePath(String) to re-encode bad URIs. Webrev: http://cr.openjdk.java.net/~juh/6500133/webrev.00/ Thanks, Jason

More information about the security-dev mailing list