(Moving to security-dev and bcc-ing jdk-dev)
This issue is fixed in JDK 16 [1], and the API is now deprecated [2],
along with several other related APIs that used that term.
--Sean
[1] https://hg.openjdk.java.net/jdk/jdk/rev/145e1859a0a8
[2]
https://download.java.net/java/early_access/jdk16/docs/api/java.base/java/security/cert/X509Certificate.html#getSubjectDN()
On 3/5/21 8:37 AM, arjan tijms wrote:
Hi,
For some time now, X509Certificate#getSubjectDN is "denigrated":
/**
* <strong>Denigrated</strong>, replaced by {@linkplain
* #getSubjectX500Principal()}. This method returns the {@code subject}
* as an implementation specific Principal object, which should not be
* relied upon by portable code.
*
* <p>
* Gets the {@code subject} (subject distinguished name) value
* from the certificate. If the {@code subject} value is empty,
* then the {@code getName()} method of the returned
* {@code Principal} object returns an empty string ("").
*
* <p> The ASN.1 definition for this is:
* <pre>
* subject Name
* </pre>
*
* <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
* and other relevant definitions.
*
* @return a Principal whose name is the subject name.
*/
public abstract Principal getSubjectDN();
Maybe the original writer meant "deprecated"? If so, maybe it's time to
deprecate the denigrated term here, and formally deprecate getSubjectDN?
Kind regards,
Arjan Tijms
