RFR : 8054019 Keytool Error publicKey's is not X.509, but X509

Seán Coffey sean.coffey at oracle.com
Tue Sep 2 15:52:28 UTC 2014


I'd like to bring this change into 7u only. The 7u40 7109096 fix introduced
tighter conditions around Key.getFormat(). Some interoperability issues
have been seen for key generators that mightn't strictly honour the
ASN.1 data format of X509 keys.

As a result, I don't think the restriction was suitable for an update 
release
and we should relax it :

https://bugs.openjdk.java.net/browse/JDK-8054019
> diff --git a/src/share/classes/sun/security/x509/CertAndKeyGen.java 
> b/src/share/classes/sun/security/x509/CertAndKeyGen.java
> --- a/src/share/classes/sun/security/x509/CertAndKeyGen.java
> +++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java
> @@ -1,5 +1,5 @@
>  /*
> - * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights 
> reserved.
> + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights 
> reserved.
>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>   *
>   * This code is free software; you can redistribute it and/or modify it
> @@ -156,7 +156,9 @@
>
>          // publicKey's format must be X.509 otherwise
>          // the whole CertGen part of this class is broken.
> -        if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
> +        // Allow "X509" in 7u for backwards compatibility.
> +        if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) &&
> +            !"X509".equalsIgnoreCase(publicKey.getFormat())) {
>              throw new IllegalArgumentException("publicKey's is not 
> X.509, but "
>                      + publicKey.getFormat());
>          }

Regards,
Sean.




More information about the security-dev mailing list