RFR: 8349890 : Option -Djava.security.debug=x509,ava breaks special chars [v3]

Sean Mullan mullan at openjdk.org
Fri Apr 4 14:08:57 UTC 2025 

On Fri, 4 Apr 2025 03:18:31 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:

>> **A DESCRIPTION OF THE PROBLEM :**
>> Enabling -Djava.security.debug=x509,ava affects how special characters in certificates are processed. The expected behavior is that debugging should not interfere with the normal encoding of certificate fields.
>> 
>> **Fix:**
>> The Debugging will no longer interfere with these fields, unless you call toString().
>
> Koushik Muthukrishnan Thirupattur has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8349890:Option -Djava.security.debug=x509,ava breaks special chars

test/jdk/sun/security/x509/X500Name/PrintX500NameInDebugModeWithAvaOption.java line 39:

> 37:     public static void main(String[] args) throws Exception {
> 38: 
> 39:         X500Name name = new X500Name("cn=john doe + l=ca\\+lifornia + l =sf, O=Ñ");

Use `X500Principal` objects for testing instead of `X500Name`. `X500Principal` is a public/standard API, so it is better to ensure that the issue is fixed via standard APIs. Then you also don't need the `@modules` line.

Also change name of test to `PrintX500PrincipalInDebugModeWithAvaOption`.

test/jdk/sun/security/x509/X500Name/PrintX500NameInDebugModeWithAvaOption.java line 47:

> 45:         //Test the name in RFC2253 format. This should skip the hex conversion to return
> 46:         //"\u00d1" for special character "Ñ"
> 47:         Asserts.assertTrue(name.getRFC2253Name().contains("\u00d1"), "String does not contain expected value");

Here you can call `X500Principal.getName()` instead which emits an RFC 2253 name.

test/jdk/sun/security/x509/X500Name/PrintX500NameInDebugModeWithAvaOption.java line 51:

> 49:         //Test the name in canonical name in RFC2253 format. This should skip the hex conversion to return
> 50:         //"n\u0303" for special character "Ñ"
> 51:         Asserts.assertTrue(name.getRFC2253CanonicalName().contains("n\u0303"),"String does not contain expected value");

Here you can call `X500Principal.getName(X500Principal.CANONICAL)` instead which emits a canonical RFC 2253 name.

test/jdk/sun/security/x509/X500Name/PrintX500NameInDebugModeWithAvaOption.java line 51:

> 49:         //Test the name in canonical name in RFC2253 format. This should skip the hex conversion to return
> 50:         //"n\u0303" for special character "Ñ"
> 51:         Asserts.assertTrue(name.getRFC2253CanonicalName().contains("n\u0303"),"String does not contain expected value");

Nit, add space after the comma, same comment on line 43 and 56. Or break up into 2 lines as some of the lines are a bit long.

test/jdk/sun/security/x509/X500Name/PrintX500NameInDebugModeWithAvaOption.java line 56:

> 54:         //Test to print name in RFC1779 format. This should skip the hex conversion to print
> 55:         //"\u00d1" for special character "Ñ"
> 56:         Asserts.assertTrue(name.getRFC1779Name().contains("\u00d1"),"String does not contain expected value");

Here you can call `X500Principal.getName(X500Principal.RFC1779)` instead which emits a RFC 1779 name.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24360#discussion_r2028855420
PR Review Comment: https://git.openjdk.org/jdk/pull/24360#discussion_r2028869879
PR Review Comment: https://git.openjdk.org/jdk/pull/24360#discussion_r2028872261
PR Review Comment: https://git.openjdk.org/jdk/pull/24360#discussion_r2028875687
PR Review Comment: https://git.openjdk.org/jdk/pull/24360#discussion_r2028874116

More information about the security-dev mailing list