RFR (16): 8241003: Deprecate "denigrated" java.security.cert APIs that represent DNs as Principal or String objects

Sean Mullan sean.mullan at oracle.com
Fri Aug 7 14:01:30 UTC 2020


Please review this change to deprecate the following APIs:

java.security.cert.X509Certificate.getIssuerDN()
java.security.cert.X509Certificate.getSubjectDN()
java.security.cert.X509CRL.getIssuerDN()
java.security.cert.X509CertSelector.setIssuer(String)
java.security.cert.X509CertSelector.setSubject(String)
java.security.cert.X509CertSelector.getIssuerAsString()
java.security.cert.X509CertSelector.getSubjectAsString()
java.security.cert.X509CRLSelector.addIssuerName(String)

These APIs either take or return Distinguished Names as Principal or 
String objects which can cause issues due to loss of encoding 
information or differences when comparing names across different 
Principal implementations. All of them have alternative APIs which use 
X500Principal objects instead. They have long had warnings in the 
javadoc and have been discouraged from being used. There are no plans to 
remove the APIs at this time, as they have been in the platform for a 
long time and removing them would be a much higher compatibility risk.

webrev: https://cr.openjdk.java.net/~mullan/webrevs/8241003/webrev.00/
CSR: https://bugs.openjdk.java.net/browse/JDK-8250970
bug: https://bugs.openjdk.java.net/browse/JDK-8241003

--Sean
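
The migration this deprecation points to, as an added example that is not part of the original message or the webrev: the helpers use the X500Principal-based replacements for the deprecated calls, and `main` compares two spellings of one name as strings and as principals (`X500Principal.equals` compares canonical forms). The class name, helper names and sample DNs are constructed for illustration.

```java
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

public class DnMigrationExample {

    // Instead of comparing cert.getIssuerDN().getName() against a String,
    // compare X500Principal objects.
    static boolean issuedBy(X509Certificate cert, X500Principal expectedIssuer) {
        return cert.getIssuerX500Principal().equals(expectedIssuer);
    }

    // Instead of X509CertSelector.setSubject(String) / setIssuer(String).
    static X509CertSelector selectorFor(X500Principal subject, X500Principal issuer) {
        X509CertSelector sel = new X509CertSelector();
        sel.setSubject(subject);
        sel.setIssuer(issuer);
        return sel;
    }

    // Instead of X509CRLSelector.addIssuerName(String).
    static X509CRLSelector crlSelectorFor(X500Principal issuer) {
        X509CRLSelector sel = new X509CRLSelector();
        sel.addIssuer(issuer);
        return sel;
    }

    public static void main(String[] args) {
        // Constructed sample names: the same DN written with different
        // letter case and spacing.
        X500Principal a = new X500Principal("CN=Example CA, O=Example Corp, C=US");
        X500Principal b = new X500Principal("CN=example ca,O=example corp,C=US");

        // Comparison of the RFC 2253 string forms.
        System.out.println("string compare:    " + a.getName().equals(b.getName()));
        // Comparison of the principals themselves.
        System.out.println("principal compare: " + a.equals(b));

        // Instead of getSubjectAsString() / getIssuerAsString(), read the
        // criteria back as X500Principal objects.
        X509CertSelector sel = selectorFor(new X500Principal("CN=Duke, O=Example Corp, C=US"), a);
        System.out.println("selector issuer matches b: " + sel.getIssuer().equals(b));
        System.out.println("CRL selector issuers: " + crlSelectorFor(a).getIssuers());
    }
}
```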


