changeset 5035:0720542d6c1e

7024604: OID.1 causes IAE in X500Principal constructor Reviewed-by: vinnie
author mullan
date Wed, 15 Feb 2012 07:45:42 -0500
parents c6d6ef8ec2bf
children 3207b3e271f2
files src/share/classes/javax/security/auth/x500/X500Principal.java src/share/classes/javax/security/auth/x500/package.html test/javax/security/auth/x500/X500Principal/Parse.java
diffstat 3 files changed, 43 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/javax/security/auth/x500/X500Principal.java	Tue Feb 07 13:28:32 2012 +0000
+++ b/src/share/classes/javax/security/auth/x500/X500Principal.java	Wed Feb 15 07:45:42 2012 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -107,10 +107,17 @@
      * defined in RFC 1779 and RFC 2253
      * (and listed in {@link #getName(String format) getName(String format)}),
      * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS,
-     * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose OIDs are
-     * defined in RFC 3280 and its successor.
+     * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object
+     * Identifiers (OIDs) are defined in RFC 3280 and its successor.
      * Any other attribute type must be specified as an OID.
      *
+     * <p>This implementation enforces a more restrictive OID syntax than
+     * defined in RFC 1779 and 2253. It uses the more correct syntax defined in
+     * <a href="http://www.ietf.org/rfc/rfc4512.txt">RFC 4512</a>, which
+     * specifies that OIDs contain at least 2 digits:
+     *
+     * <p>{@code numericoid = number 1*( DOT number ) }
+     *
      * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
      * @exception NullPointerException if the <code>name</code>
      *                  is <code>null</code>
@@ -135,10 +142,17 @@
      * keywords recognized by <code>X500Principal(String)</code>. Keywords
      * MUST be specified in all upper-case, otherwise they will be ignored.
      * Improperly specified keywords are ignored; however if a keyword in the
-     * name maps to an improperly specified OID, an
+     * name maps to an improperly specified Object Identifier (OID), an
      * <code>IllegalArgumentException</code> is thrown. It is permissible to
      * have 2 different keywords that map to the same OID.
      *
+     * <p>This implementation enforces a more restrictive OID syntax than
+     * defined in RFC 1779 and 2253. It uses the more correct syntax defined in
+     * <a href="http://www.ietf.org/rfc/rfc4512.txt">RFC 4512</a>, which
+     * specifies that OIDs contain at least 2 digits:
+     *
+     * <p>{@code numericoid = number 1*( DOT number ) }
+     *
      * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
      * @param keywordMap an attribute type keyword map, where each key is a
      *   keyword String that maps to a corresponding object identifier in String
--- a/src/share/classes/javax/security/auth/x500/package.html	Tue Feb 07 13:28:32 2012 +0000
+++ b/src/share/classes/javax/security/auth/x500/package.html	Wed Feb 15 07:45:42 2012 -0500
@@ -2,7 +2,7 @@
 <html>
 <head>
 <!--
-Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
 This code is free software; you can redistribute it and/or modify it
@@ -30,17 +30,26 @@
 <body bgcolor="white">
 
     This package contains the classes that should be used to store 
-    X500 Principal and X500 Private Crendentials in a
+    X500 Principal and X500 Private Credentials in a
     <i>Subject</i>.
 
-<!--
 <h2>Package Specification</h2>
 
-##### FILL IN ANY SPECS NEEDED BY JAVA COMPATIBILITY KIT #####
 <ul>
-  <li><a href="">##### REFER TO ANY FRAMEMAKER SPECIFICATION HERE #####</a>
+  <li><a href="http://www.ietf.org/rfc/rfc1779.txt">
+    RFC 1779: A String Representation of Distinguished Names</a></li>
+  <li><a href="http://www.ietf.org/rfc/rfc2253.txt">
+    RFC 2253: Lightweight Directory Access Protocol (v3):
+    UTF-8 String Representation of Distinguished Names</a></li>
+  <li><a href="http://www.ietf.org/rfc/rfc3280.txt">
+    RFC 3280: Internet X.509 Public Key Infrastructure
+    Certificate and Certificate Revocation List (CRL) Profile</a></li>
+  <li><a href="http://www.ietf.org/rfc/rfc4512.txt">
+    RFC 4512: Lightweight Directory Access Protocol (LDAP):
+    Directory Information Models</a></li>
 </ul>
 
+<!--
 <h2>Related Documentation</h2>
 
 For overviews, tutorials, examples, guides, and tool documentation, please see:
--- a/test/javax/security/auth/x500/X500Principal/Parse.java	Tue Feb 07 13:28:32 2012 +0000
+++ b/test/javax/security/auth/x500/X500Principal/Parse.java	Wed Feb 15 07:45:42 2012 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 7024771
+ * @bug 7024771 7024604
  * @summary various X500Principal DN parsing tests
  */
 
@@ -32,12 +32,18 @@
 public class Parse {
 
     private static TestCase[] testCases = {
-        new TestCase("CN=prefix\\<>suffix", false)
+        new TestCase("CN=prefix\\<>suffix", false),
+        new TestCase("OID.1=value", false),
+        new TestCase("oid.1=value", false),
+        new TestCase("OID.1.2=value", true),
+        new TestCase("oid.1.2=value", true),
+        new TestCase("1=value", false),
+        new TestCase("1.2=value", true)
     };
 
     public static void main(String args[]) throws Exception {
-        for (int i = 0; i < testCases.length; i++) {
-            testCases[i].run();
+        for (TestCase testCase : testCases) {
+            testCase.run();
         }
         System.out.println("Test completed ok.");
     }