RFR (16): 8241003: Deprecate "denigrated" java.security.cert APIs that represent DNs as Principal or String objects
Valerie Peng
valerie.peng at oracle.com
Thu Aug 27 19:43:40 UTC 2020
Ok, thanks for the reply.
Valerie
On 8/26/2020 5:02 AM, Sean Mullan wrote:
> On 8/21/20 2:14 PM, Valerie Peng wrote:
>> Is it intentional to use toString() in
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java?
>> Normally, toString() is kind of loose, not as strict as getName().
>
> In this case I think toString() is ok, since jarsigner is printing
> information about the certificate.
>
> Also, I wanted the format to be compatible with the previous code just
> in case some script or something out there is parsing the format and
> expecting it to be the same. In the JDK implementation,
> X500Principal.toString calls X500Name.toString().
>
> --Sean
>
>>
>> Valerie
>>
>> On 8/21/2020 11:01 AM, Xuelei Fan wrote:
>>> Looks fine to me.
>>>
>>> Just a trivial format comment. Some use link for "RFC 2253", some
>>> do not. It's OK. And it's good as well if you want to use a uniform
>>> style.
>>>
>>> Xuelei
>>>
>>> On 8/21/2020 9:24 AM, Sean Mullan wrote:
>>>> Ping ...
>>>>
>>>> On 8/7/20 10:01 AM, Sean Mullan wrote:
>>>>> Please review this change to deprecate the following APIs:
>>>>>
>>>>> java.security.cert.X509Certificate.getIssuerDN()
>>>>> java.security.cert.X509Certificate.getSubjectDN()
>>>>> java.security.cert.X509CRL.getIssuerDN()
>>>>> java.security.cert.X509CertSelector.setIssuer(String)
>>>>> java.security.cert.X509CertSelector.setSubject(String)
>>>>> java.security.cert.X509CertSelector.getIssuerAsString()
>>>>> java.security.cert.X509CertSelector.getSubjectAsString()
>>>>> java.security.cert.X509CRLSelector.addIssuerName(String)
>>>>>
>>>>> These APIs either take or return Distinguished Names as Principal
>>>>> or String objects which can cause issues due to loss of encoding
>>>>> information or differences when comparing names across different
>>>>> Principal implementations. All of them have alternative APIs which
>>>>> use X500Principal objects instead. They have long had warnings in
>>>>> the javadoc and have been discouraged from being used. There are
>>>>> no plans to remove the APIs at this time, as they have been in the
>>>>> platform for a long time and removing them would be a much higher
>>>>> compatibility risk.
>>>>>
>>>>> webrev:
>>>>> https://cr.openjdk.java.net/~mullan/webrevs/8241003/webrev.00/
>>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8250970
>>>>> bug: https://bugs.openjdk.java.net/browse/JDK-8241003
>>>>>
>>>>> --Sean
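
The two issues named in the review request (loss of encoding information and String-based name comparison) can be seen with X500Principal alone. The following is an added example, not part of the thread or of the OpenJDK change; the class name, the sample DNs and the DER bytes are constructed for illustration.

```java
import java.security.cert.X509CertSelector;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

public class DnHandlingExample {
    // Constructed sample: DER for the Name "CN=Duke" whose value is tagged
    // as UTF8String (0x0C) rather than PrintableString (0x13).
    static final byte[] UTF8_DER = {
        0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B,
        0x06, 0x03, 0x55, 0x04, 0x03,      // OID 2.5.4.3 (commonName)
        0x0C, 0x04, 'D', 'u', 'k', 'e'     // UTF8String "Duke"
    };

    // A String form of a DN does not record which ASN.1 string type each
    // value used, so re-parsing it need not reproduce the original bytes.
    static boolean encodingSurvivesStringRoundTrip(X500Principal original) {
        X500Principal viaString = new X500Principal(original.getName());
        return Arrays.equals(original.getEncoded(), viaString.getEncoded());
    }

    public static void main(String[] args) {
        X500Principal fromDer = new X500Principal(UTF8_DER);
        X500Principal a = new X500Principal("CN=Duke, O=Example, C=US");
        X500Principal b = new X500Principal("cn=duke,o=example,c=us");

        // toString() is for display; getName() returns the RFC 2253 form.
        System.out.println("toString(): " + a);
        System.out.println("getName():  " + a.getName());

        System.out.println("encoding survives String round trip: "
                + encodingSurvivesStringRoundTrip(fromDer));

        // Comparing the String forms depends on case and spacing;
        // X500Principal.equals compares the canonical form of both names.
        System.out.println("String equals:        "
                + a.getName().equals(b.getName()));
        System.out.println("X500Principal equals: " + a.equals(b));

        // Replacement for the deprecated setSubject(String) and
        // getSubjectAsString(): pass and read back an X500Principal, then
        // check whether the selector kept the original encoding.
        X509CertSelector selector = new X509CertSelector();
        selector.setSubject(fromDer);
        System.out.println("selector keeps encoding: "
                + Arrays.equals(selector.getSubject().getEncoded(), UTF8_DER));
    }
}
```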