RFR 8072394: java.security.cert.PolicyQualifierInfo needs value-based equality

Sean Mullan sean.mullan at oracle.com
Thu Apr 23 12:19:33 UTC 2015


On 04/06/2015 04:18 PM, Florian Weimer wrote:
> On 03/04/2015 06:47 PM, Sean Mullan wrote:
>
>> I can take care of filing an internal CCC and will let you know when
>> that is approved or if there are any questions.
>
> This new webrev incorporates feedback from the CCC:
>
>    <http://cr.openjdk.java.net/~fweimer/8072394/webrev.03/>
>
> This needs additional tests, but I want to check first if the direction
> is okay.

This looks ok to me. Can you give the test a more descriptive name w/o 
the bugid in the name?

--Sean

>
> The PolicyQualifierInfoSet class is needed because there is no existing
> LinkedTreeSet class.  I do not want to continue to use LinkedHashSet
> because of the denial of service risk from hash collisions (this was not
> a problem before because the hash was identity-based), and the cost of
> computing hash codes even for single-element sets.
>


More information about the security-dev mailing list