On 8/21/20 2:01 PM, Xuelei Fan wrote:
Looks fine to me.
Just a trivial format comment. Some use link for "RFC 2253", some do
not. It's OK. And it's good as well if you want to use a uniform style.
Good point. Several methods in X509CertSelector and X509CRLSelector
reference RFC 2253 several times. I have changed them to be consistent
so that the first reference in each method is a link to 2253, while the
rest of them are text.
--Sean
Xuelei
On 8/21/2020 9:24 AM, Sean Mullan wrote:
Ping ...
On 8/7/20 10:01 AM, Sean Mullan wrote:
Please review this change to deprecate the following APIs:
java.security.cert.X509Certificate.getIssuerDN()
java.security.cert.X509Certificate.getSubjectDN()
java.security.cert.X509CRL.getIssuerDN()
java.security.cert.X509CertSelector.setIssuer(String)
java.security.cert.X509CertSelector.setSubject(String)
java.security.cert.X509CertSelector.getIssuerAsString()
java.security.cert.X509CertSelector.getSubjectAsString()
java.security.cert.X509CRLSelector.addIssuerName(String)
These APIs either take or return Distinguished Names as Principal or
String objects which can cause issues due to loss of encoding
information or differences when comparing names across different
Principal implementations. All of them have alternative APIs which
use X500Principal objects instead. They have long had warnings in the
javadoc and have been discouraged from being used. There are no plans
to remove the APIs at this time, as they have been in the platform
for a long time and removing them would be a much higher
compatibility risk.
webrev: https://cr.openjdk.java.net/~mullan/webrevs/8241003/webrev.00/
CSR: https://bugs.openjdk.java.net/browse/JDK-8250970
bug: https://bugs.openjdk.java.net/browse/JDK-8241003
--Sean
