changeset 6098:1e7dd9e05ce2

7198416: CertificateIssuerName and CertificateSubjectName are redundant Reviewed-by: mullan Contributed-by: jason.uh@oracle.com
author mullan
date Thu, 08 Nov 2012 12:51:25 -0500
parents cdf02b372956
children 9edfa0e761b9
files src/share/classes/sun/security/pkcs/PKCS7.java src/share/classes/sun/security/tools/jarsigner/Main.java src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java src/share/classes/sun/security/tools/keytool/Main.java src/share/classes/sun/security/x509/X509CertImpl.java src/share/classes/sun/security/x509/X509CertInfo.java src/share/classes/sun/security/x509/certAttributes.html test/sun/security/pkcs11/rsa/GenKeyStore.java test/sun/security/provider/X509Factory/BigCRL.java test/sun/security/rsa/GenKeyStore.java
diffstat 10 files changed, 77 insertions(+), 85 deletions(-) [+]
--- a/src/share/classes/sun/security/pkcs/PKCS7.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/pkcs/PKCS7.java	Thu Nov 08 12:51:25 2012 -0500
@@ -39,7 +39,6 @@
 import sun.security.timestamp.*;
 import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateIssuerName;
 import sun.security.x509.X509CertImpl;
 import sun.security.x509.X509CertInfo;
 import sun.security.x509.X509CRLImpl;
@@ -712,8 +711,8 @@
                     X509CertInfo tbsCert =
                         new X509CertInfo(cert.getTBSCertificate());
                     certIssuerName = (Principal)
-                        tbsCert.get(CertificateIssuerName.NAME + "." +
-                                    CertificateIssuerName.DN_NAME);
+                        tbsCert.get(X509CertInfo.ISSUER + "." +
+                                    X509CertInfo.DN_NAME);
                 } catch (Exception e) {
                     // error generating X500Name object from the cert's
                     // issuer DN, leave name as is.
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java	Thu Nov 08 12:51:25 2012 -0500
@@ -2259,9 +2259,9 @@
                 X509CertInfo tbsCert = new
                     X509CertInfo(certChain[0].getTBSCertificate());
                 issuerName = (Principal)
-                    tbsCert.get(CertificateIssuerName.NAME + "." +
-                                CertificateIssuerName.DN_NAME);
-            }
+                    tbsCert.get(X509CertInfo.ISSUER + "." +
+                                X509CertInfo.DN_NAME);
+                }
             BigInteger serial = certChain[0].getSerialNumber();
 
             String signatureAlgorithm;
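Review bot: The closing brace on the last added line is indented four columns deeper than the line it replaced, so it now lines up with the block body rather than with the `BigInteger serial = ...` statement that follows. The block's opening line is outside the hunk, but nothing visible changes the nesting, so this looks like an accidental re-indent. Restoring the brace to its previous column keeps the end of the block easy to see in this signing path.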
--- a/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java	Thu Nov 08 12:51:25 2012 -0500
@@ -258,10 +258,10 @@
             AlgorithmId algID = AlgorithmId.get(sigAlg);
             info.set(X509CertInfo.ALGORITHM_ID,
                      new CertificateAlgorithmId(algID));
-            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+            info.set(X509CertInfo.SUBJECT, myname);
             info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
             info.set(X509CertInfo.VALIDITY, interval);
-            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+            info.set(X509CertInfo.ISSUER, myname);
             if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
 
             cert = new X509CertImpl(info);
--- a/src/share/classes/sun/security/tools/keytool/Main.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/tools/keytool/Main.java	Thu Nov 08 12:51:25 2012 -0500
@@ -1145,7 +1145,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = new Date();
@@ -1170,7 +1170,7 @@
         info.set(X509CertInfo.ALGORITHM_ID,
                     new CertificateAlgorithmId(
                         AlgorithmId.get(sigAlgName)));
-        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
+        info.set(X509CertInfo.ISSUER, issuer);
 
         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
         boolean canRead = false;
@@ -1193,8 +1193,8 @@
         PKCS10 req = new PKCS10(rawReq);
 
         info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
-        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
-                dname==null?req.getSubjectName():new X500Name(dname)));
+        info.set(X509CertInfo.SUBJECT,
+                    dname==null?req.getSubjectName():new X500Name(dname));
         CertificateExtensions reqex = null;
         Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
         while (attrs.hasNext()) {
@@ -1234,7 +1234,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                                      X509CertInfo.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = (Date) firstDate.clone();
@@ -2405,16 +2405,16 @@
         if (dname == null) {
             // Get the owner name from the certificate
             owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
         } else {
             // Use the owner name specified at the command line
             owner = new X500Name(dname);
             certInfo.set(X509CertInfo.SUBJECT + "." +
-                         CertificateSubjectName.DN_NAME, owner);
+                         X509CertInfo.DN_NAME, owner);
         }
         // Make issuer same as owner (self-signed!)
         certInfo.set(X509CertInfo.ISSUER + "." +
-                     CertificateIssuerName.DN_NAME, owner);
+                     X509CertInfo.DN_NAME, owner);
 
         // The inner and outer signature algorithms have to match.
         // The way we achieve that is really ugly, but there seems to be no
--- a/src/share/classes/sun/security/x509/X509CertImpl.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/x509/X509CertImpl.java	Thu Nov 08 12:51:25 2012 -0500
@@ -96,12 +96,10 @@
      */
     // x509.info.subject.dname
     public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.SUBJECT + DOT +
-                               CertificateSubjectName.DN_NAME;
+                               X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
     // x509.info.issuer.dname
     public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.ISSUER + DOT +
-                               CertificateIssuerName.DN_NAME;
+                               X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
     // x509.info.serialNumber.number
     public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
                                X509CertInfo.SERIAL_NUMBER + DOT +
@@ -890,9 +888,8 @@
         if (info == null)
             return null;
         try {
-            Principal subject = (Principal)info.get(
-                                 CertificateSubjectName.NAME + DOT +
-                                 CertificateSubjectName.DN_NAME);
+            Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
+                                                    X509CertInfo.DN_NAME);
             return subject;
         } catch (Exception e) {
             return null;
@@ -910,8 +907,8 @@
         }
         try {
             X500Principal subject = (X500Principal)info.get(
-                                CertificateSubjectName.NAME + DOT +
-                                CertificateSubjectName.DN_PRINCIPAL);
+                                            X509CertInfo.SUBJECT + DOT +
+                                            "x500principal");
             return subject;
         } catch (Exception e) {
             return null;
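Review bot: The added `"x500principal"` literal replaces the named constant `DN_PRINCIPAL` with a bare string, and the same literal is repeated in the issuer getter hunk below and in `getX500Name` in X509CertInfo.java. A typo in any one copy would surface only at run time, as the `IOException("Attribute name not recognized.")` that this getter's `catch (Exception e)` turns into a silent `null`. I would add `public static final String DN_PRINCIPAL = "x500principal";` next to `DN_NAME` in X509CertInfo and use `X509CertInfo.DN_PRINCIPAL` in all three places. The getter bodies start outside the hunks.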
@@ -927,9 +924,8 @@
         if (info == null)
             return null;
         try {
-            Principal issuer = (Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
-                                CertificateIssuerName.DN_NAME);
+            Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
+                                                   X509CertInfo.DN_NAME);
             return issuer;
         } catch (Exception e) {
             return null;
@@ -947,8 +943,8 @@
         }
         try {
             X500Principal issuer = (X500Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
-                                CertificateIssuerName.DN_PRINCIPAL);
+                                            X509CertInfo.ISSUER + DOT +
+                                            "x500principal");
             return issuer;
         } catch (Exception e) {
             return null;
--- a/src/share/classes/sun/security/x509/X509CertInfo.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/x509/X509CertInfo.java	Thu Nov 08 12:51:25 2012 -0500
@@ -68,12 +68,13 @@
     public static final String IDENT = "x509.info";
     // Certificate attribute names
     public static final String NAME = "info";
+    public static final String DN_NAME = "dname";
     public static final String VERSION = CertificateVersion.NAME;
     public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
     public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
-    public static final String ISSUER = CertificateIssuerName.NAME;
+    public static final String ISSUER = "issuer";
+    public static final String SUBJECT = "subject";
     public static final String VALIDITY = CertificateValidity.NAME;
-    public static final String SUBJECT = CertificateSubjectName.NAME;
     public static final String KEY = CertificateX509Key.NAME;
     public static final String ISSUER_ID = "issuerID";
     public static final String SUBJECT_ID = "subjectID";
@@ -83,9 +84,9 @@
     protected CertificateVersion version = new CertificateVersion();
     protected CertificateSerialNumber   serialNum = null;
     protected CertificateAlgorithmId    algId = null;
-    protected CertificateIssuerName     issuer = null;
+    protected X500Name                  issuer = null;
+    protected X500Name                  subject = null;
     protected CertificateValidity       interval = null;
-    protected CertificateSubjectName    subject = null;
     protected CertificateX509Key        pubKey = null;
 
     // X509.v2 & v3 extensions
@@ -399,11 +400,7 @@
             break;
 
         case ATTR_ISSUER:
-            if (suffix == null) {
-                setIssuer(val);
-            } else {
-                issuer.set(suffix, val);
-            }
+            setIssuer(val);
             break;
 
         case ATTR_VALIDITY:
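Review bot: In the `ATTR_ISSUER` case the suffix is no longer looked at, so `set("issuer.<anything>", name)` now replaces the whole issuer. The removed `issuer.set(suffix, val)` call at least had a chance to reject an unknown sub-attribute. Since issuer and subject are the identity fields of the certificate, I would keep the check, e.g. `if (suffix != null && !suffix.equalsIgnoreCase(DN_NAME)) throw new IOException("Attribute name not recognized.");` before `setIssuer(val);`, assuming the enclosing method declares `IOException` as `getX500Name` does. The same applies to the `ATTR_SUBJECT` case in the next hunk and to the two delete hunks, where `issuer = null` and `subject = null` now run for any suffix. The enclosing switch starts and ends outside the hunk.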
@@ -415,11 +412,7 @@
             break;
 
         case ATTR_SUBJECT:
-            if (suffix == null) {
-                setSubject(val);
-            } else {
-                subject.set(suffix, val);
-            }
+            setSubject(val);
             break;
 
         case ATTR_KEY:
@@ -493,11 +486,7 @@
             }
             break;
         case (ATTR_ISSUER):
-            if (suffix == null) {
-                issuer = null;
-            } else {
-                issuer.delete(suffix);
-            }
+            issuer = null;
             break;
         case (ATTR_VALIDITY):
             if (suffix == null) {
@@ -507,11 +496,7 @@
             }
             break;
         case (ATTR_SUBJECT):
-            if (suffix == null) {
-                subject = null;
-            } else {
-                subject.delete(suffix);
-            }
+            subject = null;
             break;
         case (ATTR_KEY):
             if (suffix == null) {
@@ -571,13 +556,13 @@
             if (suffix == null) {
                 return(subject);
             } else {
-                return(subject.get(suffix));
+                return(getX500Name(suffix, false));
             }
         case (ATTR_ISSUER):
             if (suffix == null) {
                 return(issuer);
             } else {
-                return(issuer.get(suffix));
+                return(getX500Name(suffix, true));
             }
         case (ATTR_KEY):
             if (suffix == null) {
@@ -618,6 +603,21 @@
     }
 
     /*
+     * Get the Issuer or Subject name
+     */
+    private Object getX500Name(String name, boolean getIssuer)
+        throws IOException {
+        if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
+            return getIssuer ? issuer : subject;
+        } else if (name.equalsIgnoreCase("x500principal")) {
+            return getIssuer ? issuer.asX500Principal()
+                             : subject.asX500Principal();
+        } else {
+            throw new IOException("Attribute name not recognized.");
+        }
+    }
+
+    /*
      * This routine unmarshals the certificate information.
      */
     private void parse(DerValue val)
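Review bot: The `x500principal` branch of the new `getX500Name` dereferences `issuer` or `subject` without a null check, while the `dname` branch returns the field as-is. After the delete path in this same file sets `issuer = null`, asking for `issuer.dname` yields `null` but asking for `issuer.x500principal` raises a `NullPointerException`, which the getters in X509CertImpl then hide behind `catch (Exception e)`. Selecting the field once and returning `null` for an absent name makes the two branches agree; the block comment above the method could also become Javadoc stating which suffixes are accepted and when `IOException` is thrown.

```java
private Object getX500Name(String name, boolean getIssuer)
    throws IOException {
    X500Name dn = getIssuer ? issuer : subject;
    if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
        return dn;
    } else if (name.equalsIgnoreCase("x500principal")) {
        // a name that is unset or was deleted has no principal form
        return (dn == null) ? null : dn.asX500Principal();
    }
    // ... unchanged: else branch throwing IOException ...
```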
@@ -646,9 +646,8 @@
         algId = new CertificateAlgorithmId(in);
 
         // Issuer name
-        issuer = new CertificateIssuerName(in);
-        X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
-        if (issuerDN.isEmpty()) {
+        issuer = new X500Name(in);
+        if (issuer.isEmpty()) {
             throw new CertificateParsingException(
                 "Empty issuer DN not allowed in X509Certificates");
         }
@@ -657,10 +656,9 @@
         interval = new CertificateValidity(in);
 
         // subject name
-        subject = new CertificateSubjectName(in);
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
+        subject = new X500Name(in);
         if ((version.compare(CertificateVersion.V1) == 0) &&
-                subjectDN.isEmpty()) {
+                subject.isEmpty()) {
             throw new CertificateParsingException(
                       "Empty subject DN not allowed in v1 certificate");
         }
@@ -712,13 +710,12 @@
     /*
      * Verify if X.509 V3 Certificate is compliant with RFC 3280.
      */
-    private void verifyCert(CertificateSubjectName subject,
+    private void verifyCert(X500Name subject,
         CertificateExtensions extensions)
         throws CertificateParsingException, IOException {
 
         // if SubjectName is empty, check for SubjectAlternativeNameExtension
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
-        if (subjectDN.isEmpty()) {
+        if (subject.isEmpty()) {
             if (extensions == null) {
                 throw new CertificateParsingException("X.509 Certificate is " +
                         "incomplete: subject field is empty, and certificate " +
@@ -859,11 +856,11 @@
      * @exception CertificateException on invalid data.
      */
     private void setIssuer(Object val) throws CertificateException {
-        if (!(val instanceof CertificateIssuerName)) {
+        if (!(val instanceof X500Name)) {
             throw new CertificateException(
                              "Issuer class type invalid.");
         }
-        issuer = (CertificateIssuerName)val;
+        issuer = (X500Name)val;
     }
 
     /**
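Review bot: `setIssuer` takes an `Object`, so a caller that still passes `new CertificateIssuerName(name)` compiles and fails only here at run time, with a message that does not say which type is expected. The file list of this changeset does not show the wrapper classes being removed, so such callers may exist outside the files touched here. Naming the type in the message, e.g. `"Issuer class type invalid: expected X500Name"`, would make the failure self-explanatory. The same applies to `setSubject` in the next hunk, and the Javadoc above both methods, which starts outside the hunk, should name `X500Name` as the accepted value.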
@@ -887,11 +884,11 @@
      * @exception CertificateException on invalid data.
      */
     private void setSubject(Object val) throws CertificateException {
-        if (!(val instanceof CertificateSubjectName)) {
+        if (!(val instanceof X500Name)) {
             throw new CertificateException(
                              "Subject class type invalid.");
         }
-        subject = (CertificateSubjectName)val;
+        subject = (X500Name)val;
     }
 
     /**
--- a/src/share/classes/sun/security/x509/certAttributes.html	Wed Nov 07 20:50:09 2012 -0800
+++ b/src/share/classes/sun/security/x509/certAttributes.html	Thu Nov 08 12:51:25 2012 -0500
@@ -6,7 +6,7 @@
 <h2><center>Certificate Attributes</center></h2>
 <font size=3><center>July 1998</font></center>
 <p>
-In JDK1.2 we provide an implementation of X.509 (version 3). 
+In JDK1.2 we provide an implementation of X.509 (version 3).
 The X509CertImpl class supports the following methods to
 manipulate the various attributes of a certificate:
 <pre>
@@ -86,9 +86,9 @@
 <td>issuer</td>
 <td>x509.info.issuer<br>
 x509.info.issuer.dname</td>
-<td>CertificateIssuerName.IDENT<br>
+<td>none<br>
 X509CertImpl.ISSUER_DN</td>
-<td>CertificateIssuerName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -109,9 +109,9 @@
 <td>subject</td>
 <td>x509.info.subject<br>
 x509.info.subject.dname</td>
-<td>CertificateSubjectName.IDENT<br>
+<td>none<br>
 X509CertImpl.SUBJECT_DN</td>
-<td>CertificateSubjectName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -127,18 +127,18 @@
 <td>issuerUniqueID</td>
 <td>x509.info.issuerID<br>
 x509.info.issuerID.id</td>
-<td>CertificateIssuerUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateIssuerUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
 <td>subjectUniqueID</td>
 <td>x509.info.subjectID<br>
 x509.info.subjectID.id</td>
-<td>CertificateSubjectUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateSubjectUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
--- a/test/sun/security/pkcs11/rsa/GenKeyStore.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/test/sun/security/pkcs11/rsa/GenKeyStore.java	Thu Nov 08 12:51:25 2012 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
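Review bot: The header now reads `Copyright (c) 2012` where it read `2003`, which replaces the year of first publication instead of adding the modification year. If the project convention is first year followed by last-modified year, the line should be ` * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.`. test/sun/security/rsa/GenKeyStore.java carries the same edit.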
@@ -54,8 +54,8 @@
         certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
         certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
         certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
-        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
-        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+        certInfo.set(X509CertInfo.SUBJECT, name);
+        certInfo.set(X509CertInfo.ISSUER, name);
         certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
         certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));
 
--- a/test/sun/security/provider/X509Factory/BigCRL.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/test/sun/security/provider/X509Factory/BigCRL.java	Thu Nov 08 12:51:25 2012 -0500
@@ -57,7 +57,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
-                + CertificateSubjectName.DN_NAME);
+                + X509CertInfo.DN_NAME);
 
         Date date = new Date();
         PrivateKey privateKey = (PrivateKey)
--- a/test/sun/security/rsa/GenKeyStore.java	Wed Nov 07 20:50:09 2012 -0800
+++ b/test/sun/security/rsa/GenKeyStore.java	Thu Nov 08 12:51:25 2012 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@
         certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
         certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
         certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
-        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
-        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+        certInfo.set(X509CertInfo.SUBJECT, name);
+        certInfo.set(X509CertInfo.ISSUER, name);
         certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
         certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));