RFR : 8054019 Keytool Error publicKey's is not X.509, but X509

Seán Coffey sean.coffey at oracle.com
Tue Sep 2 16:41:51 UTC 2014


On 02/09/2014 17:17, Sean Mullan wrote:
> That seems fine to me. While you are in there, it would also be nice 
> to fix the grammar of the exception message, ex:
>
> "public key format is " + publicKey.getFormat() + ", must be 
> X.509/X509");
Will do.

Thought about adding X.509 to that message, but the correct format is 
"X.509" only.
I think it's best for an exception message to promote the correct format:

"Public key format is " + publicKey.getFormat() + ", must be X.509");

I'll go ahead with that unless I hear otherwise. Will log a bug 8u/9 also.

regards,
Sean.
>
> and open another bug to correct that in JDK 9.
>
> Thanks,
> Sean
>
> On 09/02/2014 11:52 AM, Seán Coffey wrote:
>> I'd like to bring this change into 7u only. The 7u40 7109096 fix 
>> introduced
>> tighter conditions around Key.getFormat(). Some interoperability issues
>> have been seen for key generators that mightn't strictly honour the
>> ASN.1 data format of X509 keys.
>>
>> As a result, I don't think the restriction was suitable for an update
>> release
>> and we should relax it :
>>
>> https://bugs.openjdk.java.net/browse/JDK-8054019
>>> diff --git a/src/share/classes/sun/security/x509/CertAndKeyGen.java
>>> b/src/share/classes/sun/security/x509/CertAndKeyGen.java
>>> --- a/src/share/classes/sun/security/x509/CertAndKeyGen.java
>>> +++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java
>>> @@ -1,5 +1,5 @@
>>>  /*
>>> - * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights
>>> reserved.
>>> + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
>>> reserved.
>>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>   *
>>>   * This code is free software; you can redistribute it and/or 
>>> modify it
>>> @@ -156,7 +156,9 @@
>>>
>>>          // publicKey's format must be X.509 otherwise
>>>          // the whole CertGen part of this class is broken.
>>> -        if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
>>> +        // Allow "X509" in 7u for backwards compatibility.
>>> +        if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) &&
>>> +            !"X509".equalsIgnoreCase(publicKey.getFormat())) {
>>>              throw new IllegalArgumentException("publicKey's is not
>>> X.509, but "
>>>                      + publicKey.getFormat());
>>>          }
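Review bot: the added `!"X509".equalsIgnoreCase(publicKey.getFormat())` branch admits a key purely on the label it reports, while the comment just above says the whole CertGen part is broken unless the format is X.509. Nothing in this hunk checks that a key labelled "X509" actually returns an X.509 encoding, so the new comment should state that assumption explicitly instead of only saying "backwards compatibility". Separately, `publicKey.getFormat()` is now called up to three times between the test and the throw; reading it once into a local would guarantee that the value tested is the value reported in the exception message.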
>>
>> Regards,
>> Sean.
>>



