X509Certificate#getSubjectDN, "denigrated"?
Sean Mullan
sean.mullan at oracle.com
Fri Mar 5 13:52:45 UTC 2021
(Moving to security-dev and bcc-ing jdk-dev)
This issue is fixed in JDK 16 [1], and the API is now deprecated [2],
along with several other related APIs that used that term.
--Sean
[1] https://hg.openjdk.java.net/jdk/jdk/rev/145e1859a0a8
[2]
https://download.java.net/java/early_access/jdk16/docs/api/java.base/java/security/cert/X509Certificate.html#getSubjectDN()
On 3/5/21 8:37 AM, arjan tijms wrote:
> Hi,
>
> For some time now, X509Certificate#getSubjectDN is "denigrated":
>
> /**
> * <strong>Denigrated</strong>, replaced by {@linkplain
> * #getSubjectX500Principal()}. This method returns the {@code subject}
> * as an implementation specific Principal object, which should not be
> * relied upon by portable code.
> *
> * <p>
> * Gets the {@code subject} (subject distinguished name) value
> * from the certificate. If the {@code subject} value is empty,
> * then the {@code getName()} method of the returned
> * {@code Principal} object returns an empty string ("").
> *
> * <p> The ASN.1 definition for this is:
> * <pre>
> * subject Name
> * </pre>
> *
> * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
> * and other relevant definitions.
> *
> * @return a Principal whose name is the subject name.
> */
> public abstract Principal getSubjectDN();
>
> Maybe the original writer meant "deprecated"? If so, maybe it's time to
> deprecate the denigrated term here, and formally deprecate getSubjectDN?
>
> Kind regards,
> Arjan Tijms
>
More information about the jdk-dev
mailing list