X509Certificate#getSubjectDN, "denigrated"?

Sean Mullan sean.mullan at oracle.com
Fri Mar 5 13:52:45 UTC 2021


(Moving to security-dev and bcc-ing jdk-dev)

This issue is fixed in JDK 16 [1], and the API is now deprecated [2], 
along with several other related APIs that used that term.

--Sean

[1] https://hg.openjdk.java.net/jdk/jdk/rev/145e1859a0a8
[2] 
https://download.java.net/java/early_access/jdk16/docs/api/java.base/java/security/cert/X509Certificate.html#getSubjectDN()

On 3/5/21 8:37 AM, arjan tijms wrote:
> Hi,
> 
> For some time now, X509Certificate#getSubjectDN is "denigrated":
> 
>    /**
>       * <strong>Denigrated</strong>, replaced by {@linkplain
>       * #getSubjectX500Principal()}. This method returns the {@code subject}
>       * as an implementation specific Principal object, which should not be
>       * relied upon by portable code.
>       *
>       * <p>
>       * Gets the {@code subject} (subject distinguished name) value
>       * from the certificate.  If the {@code subject} value is empty,
>       * then the {@code getName()} method of the returned
>       * {@code Principal} object returns an empty string ("").
>       *
>       * <p> The ASN.1 definition for this is:
>       * <pre>
>       * subject    Name
>       * </pre>
>       *
>       * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
>       * and other relevant definitions.
>       *
>       * @return a Principal whose name is the subject name.
>       */
>      public abstract Principal getSubjectDN();
> 
> Maybe the original writer meant "deprecated"? If so, maybe it's time to
> deprecate the denigrated term here, and formally deprecate getSubjectDN?
> 
> Kind regards,
> Arjan Tijms
> 


More information about the security-dev mailing list