7198416: CertificateIssuerName and CertificateSubjectName are redundant
Reviewed-by: mullan
Contributed-by: jason.uh@oracle.com
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Thu Nov 08 12:51:25 2012 -0500
@@ -39,7 +39,6 @@
import sun.security.timestamp.*;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateIssuerName;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509CRLImpl;
@@ -712,8 +711,8 @@
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
- tbsCert.get(CertificateIssuerName.NAME + "." +
- CertificateIssuerName.DN_NAME);
+ tbsCert.get(X509CertInfo.ISSUER + "." +
+ X509CertInfo.DN_NAME);
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java Thu Nov 08 12:51:25 2012 -0500
@@ -2259,9 +2259,9 @@
X509CertInfo tbsCert = new
X509CertInfo(certChain[0].getTBSCertificate());
issuerName = (Principal)
- tbsCert.get(CertificateIssuerName.NAME + "." +
- CertificateIssuerName.DN_NAME);
- }
+ tbsCert.get(X509CertInfo.ISSUER + "." +
+ X509CertInfo.DN_NAME);
+ }
BigInteger serial = certChain[0].getSerialNumber();
String signatureAlgorithm;
--- a/jdk/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java Thu Nov 08 12:51:25 2012 -0500
@@ -258,10 +258,10 @@
AlgorithmId algID = AlgorithmId.get(sigAlg);
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algID));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+ info.set(X509CertInfo.SUBJECT, myname);
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+ info.set(X509CertInfo.ISSUER, myname);
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
cert = new X509CertImpl(info);
--- a/jdk/src/share/classes/sun/security/tools/keytool/Main.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/tools/keytool/Main.java Thu Nov 08 12:51:25 2012 -0500
@@ -1145,7 +1145,7 @@
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME);
+ X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
@@ -1170,7 +1170,7 @@
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(
AlgorithmId.get(sigAlgName)));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
+ info.set(X509CertInfo.ISSUER, issuer);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false;
@@ -1193,8 +1193,8 @@
PKCS10 req = new PKCS10(rawReq);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- dname==null?req.getSubjectName():new X500Name(dname)));
+ info.set(X509CertInfo.SUBJECT,
+ dname==null?req.getSubjectName():new X500Name(dname));
CertificateExtensions reqex = null;
Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
while (attrs.hasNext()) {
@@ -1234,7 +1234,7 @@
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME);
+ X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = (Date) firstDate.clone();
@@ -2405,16 +2405,16 @@
if (dname == null) {
// Get the owner name from the certificate
owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME);
+ X509CertInfo.DN_NAME);
} else {
// Use the owner name specified at the command line
owner = new X500Name(dname);
certInfo.set(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME, owner);
+ X509CertInfo.DN_NAME, owner);
}
// Make issuer same as owner (self-signed!)
certInfo.set(X509CertInfo.ISSUER + "." +
- CertificateIssuerName.DN_NAME, owner);
+ X509CertInfo.DN_NAME, owner);
// The inner and outer signature algorithms have to match.
// The way we achieve that is really ugly, but there seems to be no
--- a/jdk/src/share/classes/sun/security/x509/X509CertImpl.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/x509/X509CertImpl.java Thu Nov 08 12:51:25 2012 -0500
@@ -96,12 +96,10 @@
*/
// x509.info.subject.dname
public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
- X509CertInfo.SUBJECT + DOT +
- CertificateSubjectName.DN_NAME;
+ X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
// x509.info.issuer.dname
public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
- X509CertInfo.ISSUER + DOT +
- CertificateIssuerName.DN_NAME;
+ X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
// x509.info.serialNumber.number
public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
X509CertInfo.SERIAL_NUMBER + DOT +
@@ -890,9 +888,8 @@
if (info == null)
return null;
try {
- Principal subject = (Principal)info.get(
- CertificateSubjectName.NAME + DOT +
- CertificateSubjectName.DN_NAME);
+ Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
+ X509CertInfo.DN_NAME);
return subject;
} catch (Exception e) {
return null;
@@ -910,8 +907,8 @@
}
try {
X500Principal subject = (X500Principal)info.get(
- CertificateSubjectName.NAME + DOT +
- CertificateSubjectName.DN_PRINCIPAL);
+ X509CertInfo.SUBJECT + DOT +
+ "x500principal");
return subject;
} catch (Exception e) {
return null;
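Review bot: The sub-attribute name is now the bare literal `"x500principal"`, where the removed line used the named constant `CertificateSubjectName.DN_PRINCIPAL`. The same literal is repeated in the issuer hunk at -947 and in the new `getX500Name` helper in X509CertInfo.java. A typo in any of the three would compile, and here it would surface only as a null return because of the `catch (Exception e) { return null; }` below. Declaring `public static final String DN_PRINCIPAL = "x500principal";` beside the new `DN_NAME` in X509CertInfo and using it in all three places keeps them in sync. The enclosing accessor starts and ends outside this hunk.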
@@ -927,9 +924,8 @@
if (info == null)
return null;
try {
- Principal issuer = (Principal)info.get(
- CertificateIssuerName.NAME + DOT +
- CertificateIssuerName.DN_NAME);
+ Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
+ X509CertInfo.DN_NAME);
return issuer;
} catch (Exception e) {
return null;
@@ -947,8 +943,8 @@
}
try {
X500Principal issuer = (X500Principal)info.get(
- CertificateIssuerName.NAME + DOT +
- CertificateIssuerName.DN_PRINCIPAL);
+ X509CertInfo.ISSUER + DOT +
+ "x500principal");
return issuer;
} catch (Exception e) {
return null;
--- a/jdk/src/share/classes/sun/security/x509/X509CertInfo.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/x509/X509CertInfo.java Thu Nov 08 12:51:25 2012 -0500
@@ -68,12 +68,13 @@
public static final String IDENT = "x509.info";
// Certificate attribute names
public static final String NAME = "info";
+ public static final String DN_NAME = "dname";
public static final String VERSION = CertificateVersion.NAME;
public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
- public static final String ISSUER = CertificateIssuerName.NAME;
+ public static final String ISSUER = "issuer";
+ public static final String SUBJECT = "subject";
public static final String VALIDITY = CertificateValidity.NAME;
- public static final String SUBJECT = CertificateSubjectName.NAME;
public static final String KEY = CertificateX509Key.NAME;
public static final String ISSUER_ID = "issuerID";
public static final String SUBJECT_ID = "subjectID";
@@ -83,9 +84,9 @@
protected CertificateVersion version = new CertificateVersion();
protected CertificateSerialNumber serialNum = null;
protected CertificateAlgorithmId algId = null;
- protected CertificateIssuerName issuer = null;
+ protected X500Name issuer = null;
+ protected X500Name subject = null;
protected CertificateValidity interval = null;
- protected CertificateSubjectName subject = null;
protected CertificateX509Key pubKey = null;
// X509.v2 & v3 extensions
@@ -399,11 +400,7 @@
break;
case ATTR_ISSUER:
- if (suffix == null) {
- setIssuer(val);
- } else {
- issuer.set(suffix, val);
- }
+ setIssuer(val);
break;
case ATTR_VALIDITY:
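Review bot: `suffix` is no longer consulted in the ATTR_ISSUER case, so a name such as `issuer.<anything>` now replaces the whole issuer whenever the value is an X500Name, where the removed code passed the suffix to `issuer.set(suffix, val)`. The same holds for ATTR_SUBJECT in the next hunk, and for both delete() hunks, where any suffix now nulls the field. For a class that assembles certificate identity fields, an unknown sub-attribute should be rejected rather than silently treated as the whole name, for example `if (suffix != null && !suffix.equalsIgnoreCase(DN_NAME)) throw new CertificateException("Attribute name not recognized: " + suffix);` before `setIssuer(val);`. The surrounding switch and the method signature are outside the hunk, so the exception type is inferred from `setIssuer`'s `throws CertificateException`.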
@@ -415,11 +412,7 @@
break;
case ATTR_SUBJECT:
- if (suffix == null) {
- setSubject(val);
- } else {
- subject.set(suffix, val);
- }
+ setSubject(val);
break;
case ATTR_KEY:
@@ -493,11 +486,7 @@
}
break;
case (ATTR_ISSUER):
- if (suffix == null) {
- issuer = null;
- } else {
- issuer.delete(suffix);
- }
+ issuer = null;
break;
case (ATTR_VALIDITY):
if (suffix == null) {
@@ -507,11 +496,7 @@
}
break;
case (ATTR_SUBJECT):
- if (suffix == null) {
- subject = null;
- } else {
- subject.delete(suffix);
- }
+ subject = null;
break;
case (ATTR_KEY):
if (suffix == null) {
@@ -571,13 +556,13 @@
if (suffix == null) {
return(subject);
} else {
- return(subject.get(suffix));
+ return(getX500Name(suffix, false));
}
case (ATTR_ISSUER):
if (suffix == null) {
return(issuer);
} else {
- return(issuer.get(suffix));
+ return(getX500Name(suffix, true));
}
case (ATTR_KEY):
if (suffix == null) {
@@ -618,6 +603,21 @@
}
/*
+ * Get the Issuer or Subject name
+ */
+ private Object getX500Name(String name, boolean getIssuer)
+ throws IOException {
+ if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
+ return getIssuer ? issuer : subject;
+ } else if (name.equalsIgnoreCase("x500principal")) {
+ return getIssuer ? issuer.asX500Principal()
+ : subject.asX500Principal();
+ } else {
+ throw new IOException("Attribute name not recognized.");
+ }
+ }
+
+ /*
* This routine unmarshals the certificate information.
*/
private void parse(DerValue val)
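Review bot: The `x500principal` branch of `getX500Name` dereferences `issuer` or `subject` without a null check, while the `dname` branch returns the field as is. Both fields are declared `= null` and are nulled again by delete(), so on an unpopulated X509CertInfo one suffix yields null and the other a NullPointerException. The X509CertImpl accessors in this changeset catch `Exception`, but any other caller of get() would see an unchecked exception where the signature advertises IOException. Selecting the field first makes the two branches agree: `X500Name n = getIssuer ? issuer : subject;` then `return n == null ? null : n.asX500Principal();`. The block comment could also list the two accepted suffixes and state that anything else raises IOException.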
@@ -646,9 +646,8 @@
algId = new CertificateAlgorithmId(in);
// Issuer name
- issuer = new CertificateIssuerName(in);
- X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
- if (issuerDN.isEmpty()) {
+ issuer = new X500Name(in);
+ if (issuer.isEmpty()) {
throw new CertificateParsingException(
"Empty issuer DN not allowed in X509Certificates");
}
@@ -657,10 +656,9 @@
interval = new CertificateValidity(in);
// subject name
- subject = new CertificateSubjectName(in);
- X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
+ subject = new X500Name(in);
if ((version.compare(CertificateVersion.V1) == 0) &&
- subjectDN.isEmpty()) {
+ subject.isEmpty()) {
throw new CertificateParsingException(
"Empty subject DN not allowed in v1 certificate");
}
@@ -712,13 +710,12 @@
/*
* Verify if X.509 V3 Certificate is compliant with RFC 3280.
*/
- private void verifyCert(CertificateSubjectName subject,
+ private void verifyCert(X500Name subject,
CertificateExtensions extensions)
throws CertificateParsingException, IOException {
// if SubjectName is empty, check for SubjectAlternativeNameExtension
- X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
- if (subjectDN.isEmpty()) {
+ if (subject.isEmpty()) {
if (extensions == null) {
throw new CertificateParsingException("X.509 Certificate is " +
"incomplete: subject field is empty, and certificate " +
@@ -859,11 +856,11 @@
* @exception CertificateException on invalid data.
*/
private void setIssuer(Object val) throws CertificateException {
- if (!(val instanceof CertificateIssuerName)) {
+ if (!(val instanceof X500Name)) {
throw new CertificateException(
"Issuer class type invalid.");
}
- issuer = (CertificateIssuerName)val;
+ issuer = (X500Name)val;
}
/**
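Review bot: The message `"Issuer class type invalid."` does not say which type is now expected, and this commit changes that type. A caller that still passes the `CertificateIssuerName` wrapper to `set(X509CertInfo.ISSUER, ...)`, as every call site touched in this changeset did before, now fails here at run time with no hint of the fix. Suggest `throw new CertificateException("Issuer class type invalid: expected X500Name");` and the matching change in `setSubject` in the next hunk. The Javadoc above `setIssuer` is only partly visible; if its `@param` text still describes the wrapper type, it should be updated too.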
@@ -887,11 +884,11 @@
* @exception CertificateException on invalid data.
*/
private void setSubject(Object val) throws CertificateException {
- if (!(val instanceof CertificateSubjectName)) {
+ if (!(val instanceof X500Name)) {
throw new CertificateException(
"Subject class type invalid.");
}
- subject = (CertificateSubjectName)val;
+ subject = (X500Name)val;
}
/**
--- a/jdk/src/share/classes/sun/security/x509/certAttributes.html Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/src/share/classes/sun/security/x509/certAttributes.html Thu Nov 08 12:51:25 2012 -0500
@@ -6,7 +6,7 @@
<h2><center>Certificate Attributes</center></h2>
<font size=3><center>July 1998</font></center>
<p>
-In JDK1.2 we provide an implementation of X.509 (version 3).
+In JDK1.2 we provide an implementation of X.509 (version 3).
The X509CertImpl class supports the following methods to
manipulate the various attributes of a certificate:
<pre>
@@ -86,9 +86,9 @@
<td>issuer</td>
<td>x509.info.issuer<br>
x509.info.issuer.dname</td>
-<td>CertificateIssuerName.IDENT<br>
+<td>none<br>
X509CertImpl.ISSUER_DN</td>
-<td>CertificateIssuerName<br>
+<td>X500Name<br>
X500Name</td>
</tr>
<tr>
@@ -109,9 +109,9 @@
<td>subject</td>
<td>x509.info.subject<br>
x509.info.subject.dname</td>
-<td>CertificateSubjectName.IDENT<br>
+<td>none<br>
X509CertImpl.SUBJECT_DN</td>
-<td>CertificateSubjectName<br>
+<td>X500Name<br>
X500Name</td>
</tr>
<tr>
@@ -127,18 +127,18 @@
<td>issuerUniqueID</td>
<td>x509.info.issuerID<br>
x509.info.issuerID.id</td>
-<td>CertificateIssuerUniqueIdentity.IDENT<br>
+<td>none<br>
none</td>
-<td>CertificateIssuerUniqueIdentity<br>
+<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>subjectUniqueID</td>
<td>x509.info.subjectID<br>
x509.info.subjectID.id</td>
-<td>CertificateSubjectUniqueIdentity.IDENT<br>
+<td>none<br>
none</td>
-<td>CertificateSubjectUniqueIdentity<br>
+<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
--- a/jdk/test/sun/security/pkcs11/rsa/GenKeyStore.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/test/sun/security/pkcs11/rsa/GenKeyStore.java Thu Nov 08 12:51:25 2012 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
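Review bot: The header replaces the first-publication year instead of appending the modification year, so the 2003 origin of the file is lost. The usual form in this code base keeps both: ` * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.`. The same edit is made in jdk/test/sun/security/rsa/GenKeyStore.java further down.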
@@ -54,8 +54,8 @@
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
- certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+ certInfo.set(X509CertInfo.SUBJECT, name);
+ certInfo.set(X509CertInfo.ISSUER, name);
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));
--- a/jdk/test/sun/security/provider/X509Factory/BigCRL.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/test/sun/security/provider/X509Factory/BigCRL.java Thu Nov 08 12:51:25 2012 -0500
@@ -57,7 +57,7 @@
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
- + CertificateSubjectName.DN_NAME);
+ + X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
--- a/jdk/test/sun/security/rsa/GenKeyStore.java Wed Nov 07 20:50:09 2012 -0800
+++ b/jdk/test/sun/security/rsa/GenKeyStore.java Thu Nov 08 12:51:25 2012 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
- certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+ certInfo.set(X509CertInfo.SUBJECT, name);
+ certInfo.set(X509CertInfo.ISSUER, name);
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));