That seems fine to me. While you are in there, it would also be nice to
fix the grammar of the exception message, ex:
"public key format is " + publicKey.getFormat() + ", must be X.509/X509");
and open another bug to correct that in JDK 9.
Thanks,
Sean
On 09/02/2014 11:52 AM, Seán Coffey wrote:
I'd like to bring this change into 7u only. The 7u40 7109096 fix introduced
tighter conditions around Key.getFormat(). Some interoperability issues
have been seen for key generators that mightn't strictly honour the
ASN.1 data format of X509 keys.
As a result, I don't think the restriction was suitable for an update
release
and we should relax it :
https://bugs.openjdk.java.net/browse/JDK-8054019
diff --git a/src/share/classes/sun/security/x509/CertAndKeyGen.java
b/src/share/classes/sun/security/x509/CertAndKeyGen.java
--- a/src/share/classes/sun/security/x509/CertAndKeyGen.java
+++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -156,7 +156,9 @@
// publicKey's format must be X.509 otherwise
// the whole CertGen part of this class is broken.
- if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
+ // Allow "X509" in 7u for backwards compatibility.
+ if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) &&
+ !"X509".equalsIgnoreCase(publicKey.getFormat())) {
throw new IllegalArgumentException("publicKey's is not
X.509, but "
+ publicKey.getFormat());
}
Regards,
Sean.
