RFR (16): 8241003: Deprecate "denigrated" java.security.cert APIs that represent DNs as Principal or String objects
Xuelei Fan
xuelei.fan at oracle.com
Fri Aug 21 18:01:24 UTC 2020
Looks fine to me.
Just a trivial format comment. Some use link for "RFC 2253", some do
not. It's OK. And it's good as well if you want to use a uniform style.
Xuelei
On 8/21/2020 9:24 AM, Sean Mullan wrote:
> Ping ...
>
> On 8/7/20 10:01 AM, Sean Mullan wrote:
>> Please review this change to deprecate the following APIs:
>>
>> java.security.cert.X509Certificate.getIssuerDN()
>> java.security.cert.X509Certificate.getSubjectDN()
>> java.security.cert.X509CRL.getIssuerDN()
>> java.security.cert.X509CertSelector.setIssuer(String)
>> java.security.cert.X509CertSelector.setSubject(String)
>> java.security.cert.X509CertSelector.getIssuerAsString()
>> java.security.cert.X509CertSelector.getSubjectAsString()
>> java.security.cert.X509CRLSelector.addIssuerName(String)
>>
>> These APIs either take or return Distinguished Names as Principal or
>> String objects which can cause issues due to loss of encoding
>> information or differences when comparing names across different
>> Principal implementations. All of them have alternative APIs which use
>> X500Principal objects instead. They have long had warnings in the
>> javadoc and have been discouraged from being used. There are no plans
>> to remove the APIs at this time, as they have been in the platform for
>> a long time and removing them would be a much higher compatibility risk.
>>
>> webrev: https://cr.openjdk.java.net/~mullan/webrevs/8241003/webrev.00/
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8250970
>> bug: https://bugs.openjdk.java.net/browse/JDK-8241003
>>
>> --Sean
More information about the security-dev
mailing list