8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream

Reviewed-by: xuelei, mullan
2025-08-28 23:34:52 +02:00 · 2022-11-01 12:49:11 +00:00 · 2022-11-01 12:49:11 +00:00 · 0d0bd7bd40
commit 0d0bd7bd40
parent 37107fc157
50 changed files with 209 additions and 314 deletions
--- a/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java
+++ b/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java
@ -26,7 +26,6 @@
 package sun.security.x509;

 import java.io.IOException;
-import java.io.OutputStream;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 import java.security.cert.CertificateException;
@ -148,8 +147,9 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
     * @exception CertificateException on encoding errors.
     * @exception IOException on errors.
     */
-    public void encode(OutputStream out)
-    throws CertificateException, IOException {
+    @Override
+    public void encode(DerOutputStream out)
+            throws CertificateException, IOException {
        encode(out, false);
    }

@ -161,33 +161,21 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
     * @exception CertificateException on encoding errors.
     * @exception IOException on errors.
     */
-    public void encode(OutputStream out, boolean isCertReq)
+    public void encode(DerOutputStream out, boolean isCertReq)
    throws CertificateException, IOException {
        DerOutputStream extOut = new DerOutputStream();
-        Collection<Extension> allExts = map.values();
-        Object[] objs = allExts.toArray();
-
-        for (int i = 0; i < objs.length; i++) {
-            if (objs[i] instanceof CertAttrSet)
-                ((CertAttrSet)objs[i]).encode(extOut);
-            else if (objs[i] instanceof Extension)
-                ((Extension)objs[i]).encode(extOut);
-            else
-                throw new CertificateException("Illegal extension object");
+        for (Extension ext : map.values()) {
+            ext.encode(extOut);
        }

-        DerOutputStream seq = new DerOutputStream();
-        seq.write(DerValue.tag_Sequence, extOut);
-
-        DerOutputStream tmp;
        if (!isCertReq) { // certificate
-            tmp = new DerOutputStream();
-            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)3),
+            DerOutputStream seq = new DerOutputStream();
+            seq.write(DerValue.tag_Sequence, extOut);
+            out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)3),
                    seq);
-        } else
-            tmp = seq; // pkcs#10 certificateRequest
-
-        out.write(tmp.toByteArray());
+        } else {
+            out.write(DerValue.tag_Sequence, extOut);
+        }
    }

    /**