Re: RFR : 8054019 Keytool Error publicKey's is not X.509, but X509

Tue, 02 Sep 2014 09:42:43 -0700 


On 02/09/2014 17:17, Sean Mullan wrote:
That seems fine to me. While you are in there, it would also be nice to fix the grammar of the exception message, ex: 


"public key format is " + publicKey.getFormat() + ", must be 
X.509/X509");

Will do.


Thought about adding X.509 to message that but the correct format is 
"X.509" only.

I think it's best for an exception message to promote the correct format :

"Public key format is " + publicKey.getFormat() + ", must be X.509");

I'll go ahead with that unless I hear otherwise. Will log a bug 8u/9 also.

regards,
Sean.


and open another bug to correct that in JDK 9.

Thanks,
Sean

On 09/02/2014 11:52 AM, Seán Coffey wrote:

I'd like to bring this change into 7u only. The 7u40 7109096 fix 
introduced

tighter conditions around Key.getFormat(). Some interoperability issues
have been seen for key generators that mightn't strictly honour the
ASN.1 data format of X509 keys.

As a result, I don't think the restriction was suitable for an update
release
and we should relax it :

https://bugs.openjdk.java.net/browse/JDK-8054019

diff --git a/src/share/classes/sun/security/x509/CertAndKeyGen.java
b/src/share/classes/sun/security/x509/CertAndKeyGen.java
--- a/src/share/classes/sun/security/x509/CertAndKeyGen.java
+++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *

  * This code is free software; you can redistribute it and/or 
modify it

@@ -156,7 +156,9 @@

         // publicKey's format must be X.509 otherwise
         // the whole CertGen part of this class is broken.
-        if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
+        // Allow "X509" in 7u for backwards compatibility.
+        if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) &&
+            !"X509".equalsIgnoreCase(publicKey.getFormat())) {
             throw new IllegalArgumentException("publicKey's is not
X.509, but "
                     + publicKey.getFormat());
         }


Regards,
Sean.

























					Reply via email to