diff --git a/jdk/src/java.base/share/classes/sun/security/x509/AlgorithmId.java b/jdk/src/java.base/share/classes/sun/security/x509/AlgorithmId.java index f84371da80e..60b0b922190 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/AlgorithmId.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/AlgorithmId.java @@ -588,7 +588,7 @@ public class AlgorithmId implements Serializable, DerEncoder { } if (oidTable == null) { - oidTable = new HashMap<>(1); + oidTable = Collections.emptyMap(); } initOidTable = true; } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java index d60f7f13079..cb7f106e685 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/CRLDistributionPointsExtension.java @@ -29,6 +29,7 @@ import java.io.IOException; import java.io.OutputStream; import java.util.*; +import java.util.Collections; import sun.security.util.DerOutputStream; import sun.security.util.DerValue; @@ -255,11 +256,12 @@ public class CRLDistributionPointsExtension extends Extension */ public void delete(String name) throws IOException { if (name.equalsIgnoreCase(POINTS)) { - distributionPoints = new ArrayList(); + distributionPoints = + Collections.emptyList(); } else { throw new IOException("Attribute name [" + name + - "] not recognized by " + - "CertAttrSet:" + extensionName + "."); + "] not recognized by " + + "CertAttrSet:" + extensionName + '.'); } encodeThis(); } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java index 7a66f0b935f..9434e613441 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/CRLNumberExtension.java @@ -157,11 +157,10 @@ implements CertAttrSet { */ public BigInteger get(String name) throws IOException { if (name.equalsIgnoreCase(NUMBER)) { - if (crlNumber == null) return null; - else return crlNumber; + return crlNumber; } else { - throw new IOException("Attribute name not recognized by" - + " CertAttrSet:" + extensionName + "."); + throw new IOException("Attribute name not recognized by" + + " CertAttrSet:" + extensionName + '.'); } } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/DNSName.java b/jdk/src/java.base/share/classes/sun/security/x509/DNSName.java index 449d7550043..c9aa54aa73e 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/DNSName.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/DNSName.java @@ -232,15 +232,15 @@ public class DNSName implements GeneralNameInterface { * @throws UnsupportedOperationException if not supported for this name type */ public int subtreeDepth() throws UnsupportedOperationException { - String subtree=name; - int i=1; + // subtree depth is always at least 1 + int sum = 1; - /* count dots */ - for (; subtree.lastIndexOf('.') >= 0; i++) { - subtree=subtree.substring(0,subtree.lastIndexOf('.')); + // count dots + for (int i = name.indexOf('.'); i >= 0; i = name.indexOf('.', i + 1)) { + ++sum; } - return i; + return sum; } } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/EDIPartyName.java b/jdk/src/java.base/share/classes/sun/security/x509/EDIPartyName.java index 74c0e4df7d4..2ba0b56ad6f 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/EDIPartyName.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/EDIPartyName.java @@ -197,7 +197,7 @@ public class EDIPartyName implements GeneralNameInterface { */ public int hashCode() { if (myhash == -1) { - myhash = 37 + party.hashCode(); + myhash = 37 + (party == null ? 1 : party.hashCode()); if (assigner != null) { myhash = 37 * myhash + assigner.hashCode(); } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java b/jdk/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java index 5a1f8c7de65..847f56aba86 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/GeneralSubtrees.java @@ -189,7 +189,7 @@ public class GeneralSubtrees implements Cloneable { // the list: if any subsequent entry matches or widens entry n, // remove entry n. If any subsequent entries narrow entry n, remove // the subsequent entries. - for (int i = 0; i < size(); i++) { + for (int i = 0; i < (size() - 1); i++) { GeneralNameInterface current = getGeneralNameInterface(i); boolean remove1 = false; diff --git a/jdk/src/java.base/share/classes/sun/security/x509/IPAddressName.java b/jdk/src/java.base/share/classes/sun/security/x509/IPAddressName.java index c94df301bcb..50f045758be 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/IPAddressName.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/IPAddressName.java @@ -197,8 +197,10 @@ public class IPAddressName implements GeneralNameInterface { // append a mask corresponding to the num of prefix bits specified int prefixLen = Integer.parseInt(name.substring(slashNdx+1)); - if (prefixLen > 128) - throw new IOException("IPv6Address prefix is longer than 128"); + if (prefixLen < 0 || prefixLen > 128) { + throw new IOException("IPv6Address prefix length (" + + prefixLen + ") in out of valid range [0,128]"); + } // create new bit array initialized to zeros BitArray bitArray = new BitArray(MASKSIZE * 8); @@ -317,7 +319,8 @@ public class IPAddressName implements GeneralNameInterface { if (!(obj instanceof IPAddressName)) return false; - byte[] other = ((IPAddressName)obj).getBytes(); + IPAddressName otherName = (IPAddressName)obj; + byte[] other = otherName.address; if (other.length != address.length) return false; @@ -326,12 +329,10 @@ public class IPAddressName implements GeneralNameInterface { // Two subnet addresses // Mask each and compare masked values int maskLen = address.length/2; - byte[] maskedThis = new byte[maskLen]; - byte[] maskedOther = new byte[maskLen]; for (int i=0; i < maskLen; i++) { - maskedThis[i] = (byte)(address[i] & address[i+maskLen]); - maskedOther[i] = (byte)(other[i] & other[i+maskLen]); - if (maskedThis[i] != maskedOther[i]) { + byte maskedThis = (byte)(address[i] & address[i+maskLen]); + byte maskedOther = (byte)(other[i] & other[i+maskLen]); + if (maskedThis != maskedOther) { return false; } } @@ -400,7 +401,8 @@ public class IPAddressName implements GeneralNameInterface { else if (((IPAddressName)inputName).equals(this)) constraintType = NAME_MATCH; else { - byte[] otherAddress = ((IPAddressName)inputName).getBytes(); + IPAddressName otherName = (IPAddressName)inputName; + byte[] otherAddress = otherName.address; if (otherAddress.length == 4 && address.length == 4) // Two host addresses constraintType = NAME_SAME_TYPE; diff --git a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java index 26dd18a352b..580225859b9 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java @@ -261,6 +261,7 @@ public class IssuingDistributionPointExtension extends Extension throw new IOException( "Attribute value should be of type ReasonFlags."); } + revocationReasons = (ReasonFlags)obj; } else if (name.equalsIgnoreCase(INDIRECT_CRL)) { if (!(obj instanceof Boolean)) { @@ -290,7 +291,6 @@ public class IssuingDistributionPointExtension extends Extension } hasOnlyAttributeCerts = ((Boolean)obj).booleanValue(); - } else { throw new IOException("Attribute name [" + name + "] not recognized by " + diff --git a/jdk/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java b/jdk/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java index 74139a4f6b5..97036e2ea88 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java @@ -148,7 +148,7 @@ public class KeyIdentifier { return true; if (!(other instanceof KeyIdentifier)) return false; - return java.util.Arrays.equals(octetString, - ((KeyIdentifier)other).getIdentifier()); + byte[] otherString = ((KeyIdentifier)other).octetString; + return java.util.Arrays.equals(octetString, otherString); } } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java index 175201c732b..ed931a2119b 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/PolicyMappingsExtension.java @@ -102,7 +102,7 @@ implements CertAttrSet { public PolicyMappingsExtension() { extensionId = PKIXExtensions.PolicyMappings_Id; critical = true; - maps = new ArrayList(); + maps = Collections.emptyList(); } /** diff --git a/jdk/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java index 0cb40155025..afb08b1a68e 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/PrivateKeyUsageExtension.java @@ -33,6 +33,7 @@ import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateNotYetValidException; import java.util.Date; import java.util.Enumeration; +import java.util.Objects; import sun.security.util.*; @@ -217,16 +218,17 @@ implements CertAttrSet { */ public void valid(Date now) throws CertificateNotYetValidException, CertificateExpiredException { + Objects.requireNonNull(now); /* * we use the internal Dates rather than the passed in Date * because someone could override the Date methods after() * and before() to do something entirely different. */ - if (notBefore.after(now)) { + if (notBefore != null && notBefore.after(now)) { throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString()); } - if (notAfter.before(now)) { + if (notAfter != null && notAfter.before(now)) { throw new CertificateExpiredException("NotAfter: " + notAfter.toString()); } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java index 6e927c4a340..2ee060930db 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java @@ -27,6 +27,8 @@ package sun.security.x509; import java.io.IOException; import java.io.StringReader; +import java.util.Arrays; +import java.util.StringJoiner; import java.util.*; import sun.security.util.*; @@ -436,31 +438,19 @@ public class RDN { assertion[0].toRFC2253String(oidMap); } - StringBuilder relname = new StringBuilder(); - if (!canonical) { - for (int i = 0; i < assertion.length; i++) { - if (i > 0) { - relname.append('+'); - } - relname.append(assertion[i].toRFC2253String(oidMap)); - } - } else { + AVA[] toOutput = assertion; + if (canonical) { // order the string type AVA's alphabetically, // followed by the oid type AVA's numerically - List avaList = new ArrayList<>(assertion.length); - for (int i = 0; i < assertion.length; i++) { - avaList.add(assertion[i]); - } - java.util.Collections.sort(avaList, AVAComparator.getInstance()); - - for (int i = 0; i < avaList.size(); i++) { - if (i > 0) { - relname.append('+'); - } - relname.append(avaList.get(i).toRFC2253CanonicalString()); - } + toOutput = assertion.clone(); + Arrays.sort(toOutput, AVAComparator.getInstance()); } - return relname.toString(); + StringJoiner sj = new StringJoiner("+"); + for (AVA ava : toOutput) { + sj.add(canonical ? ava.toRFC2253CanonicalString() + : ava.toRFC2253String(oidMap)); + } + return sj.toString(); } } diff --git a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java index 8daa0b319b4..0acdf96057f 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java @@ -28,6 +28,7 @@ package sun.security.x509; import java.io.IOException; import java.io.OutputStream; +import java.util.Collections; import java.util.*; import sun.security.util.DerOutputStream; @@ -200,7 +201,8 @@ public class SubjectInfoAccessExtension extends Extension */ public void delete(String name) throws IOException { if (name.equalsIgnoreCase(DESCRIPTIONS)) { - accessDescriptions = new ArrayList(); + accessDescriptions = + Collections.emptyList(); } else { throw new IOException("Attribute name [" + name + "] not recognized by " + diff --git a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java index 2f3e107ef0b..878d745a881 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java @@ -165,7 +165,7 @@ public class URIName implements GeneralNameInterface { String host = uri.getSchemeSpecificPart(); try { DNSName hostDNS; - if (host.charAt(0) == '.') { + if (host.startsWith(".")) { hostDNS = new DNSName(host.substring(1)); } else { hostDNS = new DNSName(host); diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java index 740b7fed538..07f0aedf8e8 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java @@ -347,6 +347,8 @@ public class X500Name implements GeneralNameInterface, Principal { for (int i = 0; i < names.length; i++) { list.addAll(names[i].avas()); } + list = Collections.unmodifiableList(list); + allAvaList = list; } return list; } @@ -365,9 +367,6 @@ public class X500Name implements GeneralNameInterface, Principal { */ public boolean isEmpty() { int n = names.length; - if (n == 0) { - return true; - } for (int i = 0; i < n; i++) { if (names[i].assertion.length != 0) { return false; @@ -1103,12 +1102,8 @@ public class X500Name implements GeneralNameInterface, Principal { * and speed recognition of common X.500 attributes. */ static ObjectIdentifier intern(ObjectIdentifier oid) { - ObjectIdentifier interned = internedOIDs.get(oid); - if (interned != null) { - return interned; - } - internedOIDs.put(oid, oid); - return oid; + ObjectIdentifier interned = internedOIDs.putIfAbsent(oid, oid); + return (interned == null) ? oid : interned; } private static final Map internedOIDs diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X509AttributeName.java b/jdk/src/java.base/share/classes/sun/security/x509/X509AttributeName.java index 090792aa2e9..c60b6f46010 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X509AttributeName.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509AttributeName.java @@ -47,7 +47,7 @@ public class X509AttributeName { */ public X509AttributeName(String name) { int i = name.indexOf(SEPARATOR); - if (i == (-1)) { + if (i < 0) { prefix = name; } else { prefix = name.substring(0, i); diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java index 812778c02c0..1fc5bed4c83 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java @@ -762,9 +762,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder { public byte[] getTBSCertList() throws CRLException { if (tbsCertList == null) throw new CRLException("Uninitialized CRL"); - byte[] dup = new byte[tbsCertList.length]; - System.arraycopy(tbsCertList, 0, dup, 0, dup.length); - return dup; + return tbsCertList.clone(); } /** @@ -775,9 +773,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder { public byte[] getSignature() { if (signature == null) return null; - byte[] dup = new byte[signature.length]; - System.arraycopy(signature, 0, dup, 0, dup.length); - return dup; + return signature.clone(); } /** diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X509CertImpl.java b/jdk/src/java.base/share/classes/sun/security/x509/X509CertImpl.java index cc15fb23414..0e4da831a83 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X509CertImpl.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CertImpl.java @@ -1001,9 +1001,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder { public byte[] getSignature() { if (signature == null) return null; - byte[] dup = new byte[signature.length]; - System.arraycopy(signature, 0, dup, 0, dup.length); - return dup; + return signature.clone(); } /**