RFR : 8054019 Keytool Error publicKey's is not X.509, but X509
Sean Mullan
sean.mullan at oracle.com
Tue Sep 2 16:17:18 UTC 2014
That seems fine to me. While you are in there, it would also be nice to
fix the grammar of the exception message, ex:
"public key format is " + publicKey.getFormat() + ", must be X.509/X509");
and open another bug to correct that in JDK 9.
Thanks,
Sean
On 09/02/2014 11:52 AM, Seán Coffey wrote:
> I'd like to bring this change into 7u only. The 7u40 7109096 fix introduced
> tighter conditions around Key.getFormat(). Some interoperability issues
> have been seen for key generators that mightn't strictly honour the
> ASN.1 data format of X509 keys.
>
> As a result, I don't think the restriction was suitable for an update
> release
> and we should relax it :
>
> https://bugs.openjdk.java.net/browse/JDK-8054019
>> diff --git a/src/share/classes/sun/security/x509/CertAndKeyGen.java
>> b/src/share/classes/sun/security/x509/CertAndKeyGen.java
>> --- a/src/share/classes/sun/security/x509/CertAndKeyGen.java
>> +++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java
>> @@ -1,5 +1,5 @@
>> /*
>> - * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights
>> reserved.
>> + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
>> reserved.
>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>> *
>> * This code is free software; you can redistribute it and/or modify it
>> @@ -156,7 +156,9 @@
>>
>> // publicKey's format must be X.509 otherwise
>> // the whole CertGen part of this class is broken.
>> - if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
>> + // Allow "X509" in 7u for backwards compatibility.
>> + if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) &&
>> + !"X509".equalsIgnoreCase(publicKey.getFormat())) {
>> throw new IllegalArgumentException("publicKey's is not
>> X.509, but "
>> + publicKey.getFormat());
>> }
>
> Regards,
> Sean.
>
More information about the security-dev
mailing list