8074068: Cleanup in java.base/share/classes/sun/security/x509/
Reviewed-by: mullan, ahgross, coffeys
--- a/jdk/src/java.base/share/classes/sun/security/x509/AlgorithmId.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/AlgorithmId.java Mon Sep 07 18:58:41 2015 +0300
@@ -588,7 +588,7 @@
}
if (oidTable == null) {
- oidTable = new HashMap<>(1);
+ oidTable = Collections.<String,ObjectIdentifier>emptyMap();
}
initOidTable = true;
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java Mon Sep 07 18:58:41 2015 +0300
@@ -29,6 +29,7 @@
import java.io.OutputStream;
import java.util.*;
+import java.util.Collections;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
@@ -255,11 +256,12 @@
*/
public void delete(String name) throws IOException {
if (name.equalsIgnoreCase(POINTS)) {
- distributionPoints = new ArrayList<DistributionPoint>();
+ distributionPoints =
+ Collections.<DistributionPoint>emptyList();
} else {
throw new IOException("Attribute name [" + name +
- "] not recognized by " +
- "CertAttrSet:" + extensionName + ".");
+ "] not recognized by " +
+ "CertAttrSet:" + extensionName + '.');
}
encodeThis();
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java Mon Sep 07 18:58:41 2015 +0300
@@ -157,11 +157,10 @@
*/
public BigInteger get(String name) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
- if (crlNumber == null) return null;
- else return crlNumber;
+ return crlNumber;
} else {
- throw new IOException("Attribute name not recognized by"
- + " CertAttrSet:" + extensionName + ".");
+ throw new IOException("Attribute name not recognized by" +
+ " CertAttrSet:" + extensionName + '.');
}
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/DNSName.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/DNSName.java Mon Sep 07 18:58:41 2015 +0300
@@ -232,15 +232,15 @@
* @throws UnsupportedOperationException if not supported for this name type
*/
public int subtreeDepth() throws UnsupportedOperationException {
- String subtree=name;
- int i=1;
+ // subtree depth is always at least 1
+ int sum = 1;
- /* count dots */
- for (; subtree.lastIndexOf('.') >= 0; i++) {
- subtree=subtree.substring(0,subtree.lastIndexOf('.'));
+ // count dots
+ for (int i = name.indexOf('.'); i >= 0; i = name.indexOf('.', i + 1)) {
+ ++sum;
}
- return i;
+ return sum;
}
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/EDIPartyName.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/EDIPartyName.java Mon Sep 07 18:58:41 2015 +0300
@@ -197,7 +197,7 @@
*/
public int hashCode() {
if (myhash == -1) {
- myhash = 37 + party.hashCode();
+ myhash = 37 + (party == null ? 1 : party.hashCode());
if (assigner != null) {
myhash = 37 * myhash + assigner.hashCode();
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java Mon Sep 07 18:58:41 2015 +0300
@@ -189,7 +189,7 @@
// the list: if any subsequent entry matches or widens entry n,
// remove entry n. If any subsequent entries narrow entry n, remove
// the subsequent entries.
- for (int i = 0; i < size(); i++) {
+ for (int i = 0; i < (size() - 1); i++) {
GeneralNameInterface current = getGeneralNameInterface(i);
boolean remove1 = false;
--- a/jdk/src/java.base/share/classes/sun/security/x509/IPAddressName.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/IPAddressName.java Mon Sep 07 18:58:41 2015 +0300
@@ -197,8 +197,10 @@
// append a mask corresponding to the num of prefix bits specified
int prefixLen = Integer.parseInt(name.substring(slashNdx+1));
- if (prefixLen > 128)
- throw new IOException("IPv6Address prefix is longer than 128");
+ if (prefixLen < 0 || prefixLen > 128) {
+ throw new IOException("IPv6Address prefix length (" +
+ prefixLen + ") in out of valid range [0,128]");
+ }
// create new bit array initialized to zeros
BitArray bitArray = new BitArray(MASKSIZE * 8);
@@ -317,7 +319,8 @@
if (!(obj instanceof IPAddressName))
return false;
- byte[] other = ((IPAddressName)obj).getBytes();
+ IPAddressName otherName = (IPAddressName)obj;
+ byte[] other = otherName.address;
if (other.length != address.length)
return false;
@@ -326,12 +329,10 @@
// Two subnet addresses
// Mask each and compare masked values
int maskLen = address.length/2;
- byte[] maskedThis = new byte[maskLen];
- byte[] maskedOther = new byte[maskLen];
for (int i=0; i < maskLen; i++) {
- maskedThis[i] = (byte)(address[i] & address[i+maskLen]);
- maskedOther[i] = (byte)(other[i] & other[i+maskLen]);
- if (maskedThis[i] != maskedOther[i]) {
+ byte maskedThis = (byte)(address[i] & address[i+maskLen]);
+ byte maskedOther = (byte)(other[i] & other[i+maskLen]);
+ if (maskedThis != maskedOther) {
return false;
}
}
@@ -400,7 +401,8 @@
else if (((IPAddressName)inputName).equals(this))
constraintType = NAME_MATCH;
else {
- byte[] otherAddress = ((IPAddressName)inputName).getBytes();
+ IPAddressName otherName = (IPAddressName)inputName;
+ byte[] otherAddress = otherName.address;
if (otherAddress.length == 4 && address.length == 4)
// Two host addresses
constraintType = NAME_SAME_TYPE;
--- a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Mon Sep 07 18:58:41 2015 +0300
@@ -261,6 +261,7 @@
throw new IOException(
"Attribute value should be of type ReasonFlags.");
}
+ revocationReasons = (ReasonFlags)obj;
} else if (name.equalsIgnoreCase(INDIRECT_CRL)) {
if (!(obj instanceof Boolean)) {
@@ -290,7 +291,6 @@
}
hasOnlyAttributeCerts = ((Boolean)obj).booleanValue();
-
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
--- a/jdk/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java Mon Sep 07 18:58:41 2015 +0300
@@ -148,7 +148,7 @@
return true;
if (!(other instanceof KeyIdentifier))
return false;
- return java.util.Arrays.equals(octetString,
- ((KeyIdentifier)other).getIdentifier());
+ byte[] otherString = ((KeyIdentifier)other).octetString;
+ return java.util.Arrays.equals(octetString, otherString);
}
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java Mon Sep 07 18:58:41 2015 +0300
@@ -102,7 +102,7 @@
public PolicyMappingsExtension() {
extensionId = PKIXExtensions.PolicyMappings_Id;
critical = true;
- maps = new ArrayList<CertificatePolicyMap>();
+ maps = Collections.<CertificatePolicyMap>emptyList();
}
/**
--- a/jdk/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java Mon Sep 07 18:58:41 2015 +0300
@@ -33,6 +33,7 @@
import java.security.cert.CertificateNotYetValidException;
import java.util.Date;
import java.util.Enumeration;
+import java.util.Objects;
import sun.security.util.*;
@@ -217,16 +218,17 @@
*/
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
+ Objects.requireNonNull(now);
/*
* we use the internal Dates rather than the passed in Date
* because someone could override the Date methods after()
* and before() to do something entirely different.
*/
- if (notBefore.after(now)) {
+ if (notBefore != null && notBefore.after(now)) {
throw new CertificateNotYetValidException("NotBefore: " +
notBefore.toString());
}
- if (notAfter.before(now)) {
+ if (notAfter != null && notAfter.before(now)) {
throw new CertificateExpiredException("NotAfter: " +
notAfter.toString());
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java Mon Sep 07 18:58:41 2015 +0300
@@ -27,6 +27,8 @@
import java.io.IOException;
import java.io.StringReader;
+import java.util.Arrays;
+import java.util.StringJoiner;
import java.util.*;
import sun.security.util.*;
@@ -436,31 +438,19 @@
assertion[0].toRFC2253String(oidMap);
}
- StringBuilder relname = new StringBuilder();
- if (!canonical) {
- for (int i = 0; i < assertion.length; i++) {
- if (i > 0) {
- relname.append('+');
- }
- relname.append(assertion[i].toRFC2253String(oidMap));
- }
- } else {
+ AVA[] toOutput = assertion;
+ if (canonical) {
// order the string type AVA's alphabetically,
// followed by the oid type AVA's numerically
- List<AVA> avaList = new ArrayList<>(assertion.length);
- for (int i = 0; i < assertion.length; i++) {
- avaList.add(assertion[i]);
- }
- java.util.Collections.sort(avaList, AVAComparator.getInstance());
-
- for (int i = 0; i < avaList.size(); i++) {
- if (i > 0) {
- relname.append('+');
- }
- relname.append(avaList.get(i).toRFC2253CanonicalString());
- }
+ toOutput = assertion.clone();
+ Arrays.sort(toOutput, AVAComparator.getInstance());
}
- return relname.toString();
+ StringJoiner sj = new StringJoiner("+");
+ for (AVA ava : toOutput) {
+ sj.add(canonical ? ava.toRFC2253CanonicalString()
+ : ava.toRFC2253String(oidMap));
+ }
+ return sj.toString();
}
}
--- a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Mon Sep 07 18:58:41 2015 +0300
@@ -28,6 +28,7 @@
import java.io.IOException;
import java.io.OutputStream;
+import java.util.Collections;
import java.util.*;
import sun.security.util.DerOutputStream;
@@ -200,7 +201,8 @@
*/
public void delete(String name) throws IOException {
if (name.equalsIgnoreCase(DESCRIPTIONS)) {
- accessDescriptions = new ArrayList<AccessDescription>();
+ accessDescriptions =
+ Collections.<AccessDescription>emptyList();
} else {
throw new IOException("Attribute name [" + name +
"] not recognized by " +
--- a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java Mon Sep 07 18:58:41 2015 +0300
@@ -165,7 +165,7 @@
String host = uri.getSchemeSpecificPart();
try {
DNSName hostDNS;
- if (host.charAt(0) == '.') {
+ if (host.startsWith(".")) {
hostDNS = new DNSName(host.substring(1));
} else {
hostDNS = new DNSName(host);
--- a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java Mon Sep 07 18:58:41 2015 +0300
@@ -347,6 +347,8 @@
for (int i = 0; i < names.length; i++) {
list.addAll(names[i].avas());
}
+ list = Collections.unmodifiableList(list);
+ allAvaList = list;
}
return list;
}
@@ -365,9 +367,6 @@
*/
public boolean isEmpty() {
int n = names.length;
- if (n == 0) {
- return true;
- }
for (int i = 0; i < n; i++) {
if (names[i].assertion.length != 0) {
return false;
@@ -1103,12 +1102,8 @@
* and speed recognition of common X.500 attributes.
*/
static ObjectIdentifier intern(ObjectIdentifier oid) {
- ObjectIdentifier interned = internedOIDs.get(oid);
- if (interned != null) {
- return interned;
- }
- internedOIDs.put(oid, oid);
- return oid;
+ ObjectIdentifier interned = internedOIDs.putIfAbsent(oid, oid);
+ return (interned == null) ? oid : interned;
}
private static final Map<ObjectIdentifier,ObjectIdentifier> internedOIDs
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509AttributeName.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509AttributeName.java Mon Sep 07 18:58:41 2015 +0300
@@ -47,7 +47,7 @@
*/
public X509AttributeName(String name) {
int i = name.indexOf(SEPARATOR);
- if (i == (-1)) {
+ if (i < 0) {
prefix = name;
} else {
prefix = name.substring(0, i);
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java Mon Sep 07 18:58:41 2015 +0300
@@ -762,9 +762,7 @@
public byte[] getTBSCertList() throws CRLException {
if (tbsCertList == null)
throw new CRLException("Uninitialized CRL");
- byte[] dup = new byte[tbsCertList.length];
- System.arraycopy(tbsCertList, 0, dup, 0, dup.length);
- return dup;
+ return tbsCertList.clone();
}
/**
@@ -775,9 +773,7 @@
public byte[] getSignature() {
if (signature == null)
return null;
- byte[] dup = new byte[signature.length];
- System.arraycopy(signature, 0, dup, 0, dup.length);
- return dup;
+ return signature.clone();
}
/**
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CertImpl.java Thu Sep 03 09:33:04 2015 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CertImpl.java Mon Sep 07 18:58:41 2015 +0300
@@ -1001,9 +1001,7 @@
public byte[] getSignature() {
if (signature == null)
return null;
- byte[] dup = new byte[signature.length];
- System.arraycopy(signature, 0, dup, 0, dup.length);
- return dup;
+ return signature.clone();
}
/**