8296143: CertAttrSet's set/get mechanism is not type-safe

Reviewed-by: mullan
2025-08-26 14:24:46 +02:00 · 2022-11-08 22:35:29 +00:00 · 2022-11-08 22:35:29 +00:00 · 671f84bd86
commit 671f84bd86
parent d04d6566b0
66 changed files with 643 additions and 2902 deletions
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@ -1451,10 +1451,8 @@ public final class Main {
        Certificate signerCert = keyStore.getCertificate(alias);
        byte[] encoded = signerCert.getEncoded();
        X509CertImpl signerCertImpl = new X509CertImpl(encoded);
-        X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
-                X509CertImpl.NAME + "." + X509CertImpl.INFO);
-        X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           X509CertInfo.DN_NAME);
+        X509CertInfo signerCertInfo = signerCertImpl.getInfo();
+        X500Name issuer = signerCertInfo.getSubject();

        Date firstDate = getStartDate(startDate);
        Date lastDate = getLastDate(firstDate, validity);
@ -1467,12 +1465,10 @@ public final class Main {
            sigAlgName = getCompatibleSigAlgName(privateKey);
        }
        X509CertInfo info = new X509CertInfo();
-        info.set(X509CertInfo.VALIDITY, interval);
-        info.set(X509CertInfo.SERIAL_NUMBER,
-                CertificateSerialNumber.newRandom64bit(new SecureRandom()));
-        info.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
-        info.set(X509CertInfo.ISSUER, issuer);
+        info.setValidity(interval);
+        info.setSerialNumber(CertificateSerialNumber.newRandom64bit(new SecureRandom()));
+        info.setVersion(new CertificateVersion(CertificateVersion.V3));
+        info.setIssuer(issuer);

        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        boolean canRead = false;
@ -1498,9 +1494,8 @@ public final class Main {
                req.getSubjectPublicKeyInfo(), null, null, null);
        checkWeakConstraint(rb.getString("the.certificate.request"), req, cpcp);

-        info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
-        info.set(X509CertInfo.SUBJECT,
-                    dname==null?req.getSubjectName():new X500Name(dname));
+        info.setKey(new CertificateX509Key(req.getSubjectPublicKeyInfo()));
+        info.setSubject(dname==null ? req.getSubjectName() : new X500Name(dname));
        CertificateExtensions reqex = null;
        for (PKCS10Attribute attr : req.getAttributes().getAttributes()) {
            if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
@ -1540,7 +1535,7 @@ public final class Main {
                v3ext,
                subjectPubKey,
                signerSubjectKeyId);
-        info.set(X509CertInfo.EXTENSIONS, ext);
+        info.setExtensions(ext);
        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(privateKey, sigAlgName);
        dumpCert(cert, out);
@ -1567,10 +1562,8 @@ public final class Main {
        Certificate signerCert = keyStore.getCertificate(alias);
        byte[] encoded = signerCert.getEncoded();
        X509CertImpl signerCertImpl = new X509CertImpl(encoded);
-        X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
-                X509CertImpl.NAME + "." + X509CertImpl.INFO);
-        X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                                      X509CertInfo.DN_NAME);
+        X509CertInfo signerCertInfo = signerCertImpl.getInfo();
+        X500Name owner = signerCertInfo.getSubject();

        Date firstDate = getStartDate(startDate);
        Date lastDate = getLastDate(firstDate, validity);
@ -1589,7 +1582,7 @@ public final class Main {
            int d = id.indexOf(':');
            if (d >= 0) {
                CRLExtensions ext = new CRLExtensions();
-                ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
+                ext.setExtension("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
                badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
                        firstDate, ext);
            } else {
@ -1970,10 +1963,8 @@ public final class Main {
                signerCertImpl = new X509CertImpl(signerCert.getEncoded());
            }

-            X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
-                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
-            X500Name signerSubjectName = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                    X509CertInfo.DN_NAME);
+            X509CertInfo signerCertInfo = signerCertImpl.getInfo();
+            X500Name signerSubjectName = signerCertInfo.getSubject();

            keypair = new CertAndKeyGen(keyAlgName, sigAlgName, providerName,
                    signerPrivateKey, signerSubjectName);
@ -2066,7 +2057,7 @@ public final class Main {
     * Clones an entry
     * @param orig original alias
     * @param dest destination alias
-     * @changePassword if the password can be changed
+     * @param changePassword if the password can be changed
     */
    private void doCloneEntry(String orig, String dest, boolean changePassword)
        throws Exception
@ -2666,8 +2657,7 @@ public final class Main {
        CRLDistributionPointsExtension ext =
                X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
        if (ext == null) return crls;
-        List<DistributionPoint> distPoints =
-                ext.get(CRLDistributionPointsExtension.POINTS);
+        List<DistributionPoint> distPoints = ext.getDistributionPoints();
        for (DistributionPoint o: distPoints) {
            GeneralNames names = o.getFullName();
            if (names != null) {
@ -3202,47 +3192,41 @@ public final class Main {
        // (no public APIs available yet)
        byte[] encoded = oldCert.getEncoded();
        X509CertImpl certImpl = new X509CertImpl(encoded);
-        X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME
-                                                           + "." +
-                                                           X509CertImpl.INFO);
+        X509CertInfo certInfo = certImpl.getInfo();

        // Extend its validity
        Date firstDate = getStartDate(startDate);
        Date lastDate = getLastDate(firstDate, validity);
        CertificateValidity interval = new CertificateValidity(firstDate,
                                                               lastDate);
-        certInfo.set(X509CertInfo.VALIDITY, interval);
+        certInfo.setValidity(interval);

        // Make new serial number
-        certInfo.set(X509CertInfo.SERIAL_NUMBER,
+        certInfo.setSerialNumber(
                CertificateSerialNumber.newRandom64bit(new SecureRandom()));

        // Set owner and issuer fields
        X500Name owner;
        if (dname == null) {
            // Get the owner name from the certificate
-            owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
-                                           X509CertInfo.DN_NAME);
+            owner = certInfo.getSubject();
        } else {
            // Use the owner name specified at the command line
            owner = new X500Name(dname);
-            certInfo.set(X509CertInfo.SUBJECT + "." +
-                         X509CertInfo.DN_NAME, owner);
+            certInfo.setSubject(owner);
        }
        // Make issuer same as owner (self-signed!)
-        certInfo.set(X509CertInfo.ISSUER + "." +
-                     X509CertInfo.DN_NAME, owner);
+        certInfo.setIssuer(owner);

-        certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+        certInfo.setVersion(new CertificateVersion(CertificateVersion.V3));

        CertificateExtensions ext = createV3Extensions(
                null,
-                (CertificateExtensions)certInfo.get(X509CertInfo.EXTENSIONS),
+                certInfo.getExtensions(),
                v3ext,
                oldCert.getPublicKey(),
                null);
-        certInfo.set(X509CertInfo.EXTENSIONS, ext);
+        certInfo.setExtensions(ext);
        // Sign the new certificate
        X509CertImpl newCert = new X509CertImpl(certInfo);
        newCert.sign(privKey, sigAlgName);
@ -3505,7 +3489,7 @@ public final class Main {

    /**
     * Prompts user for an input string from the command line (System.in)
-     * @prompt the prompt string printed
+     * @param prompt the prompt string printed
     * @return the string entered by the user, without the \n at the end
     */
    private String inputStringFromStdin(String prompt) throws Exception {
@ -3634,11 +3618,8 @@ public final class Main {
        out.println(form.format(source));

        if (cert instanceof X509CertImpl impl) {
-            X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME
-                                                           + "." +
-                                                           X509CertImpl.INFO);
-            CertificateExtensions exts = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+            X509CertInfo certInfo = impl.getInfo();
+            CertificateExtensions exts = certInfo.getExtensions();
            if (exts != null) {
                printExtensions(rb.getString("Extensions."), exts, out);
            }
@ -4506,9 +4487,8 @@ public final class Main {
    }

    // Add an extension into a CertificateExtensions, always using OID as key
-    private static void setExt(CertificateExtensions result, Extension ex)
-            throws IOException {
-        result.set(ex.getId(), ex);
+    private static void setExt(CertificateExtensions result, Extension ex) {
+        result.setExtension(ex.getId(), ex);
    }

    /**
@ -4568,7 +4548,7 @@ public final class Main {
                // translate to all-OID first.
                CertificateExtensions request2 = new CertificateExtensions();
                for (sun.security.x509.Extension ex: requestedEx.getAllExtensions()) {
-                    request2.set(ex.getId(), ex);
+                    request2.setExtension(ex.getId(), ex);
                }
                for(String extstr: extstrs) {
                    if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
@ -4609,7 +4589,7 @@ public final class Main {
                            }
                            String n = findOidForExtName(type).toString();
                            if (add) {
-                                Extension e = request2.get(n);
+                                Extension e = request2.getExtension(n);
                                if (!e.isCritical() && action == 0
                                        || e.isCritical() && action == 1) {
                                    e = Extension.newExtension(