7024604: OID.1 causes IAE in X500Principal constructor

Reviewed-by: vinnie

7024604: OID.1 causes IAE in X500Principal constructor
Reviewed-by: vinnie
d0a65b59 · mullan · 260dbba1 · d0a65b59 · d0a65b59 · d0a65b59
3 changed file
--- a/src/share/classes/javax/security/auth/x500/X500Principal.java
+++ b/src/share/classes/javax/security/auth/x500/X500Principal.java
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -107,10 +107,17 @@ public final class X500Principal implements Principal, java.io.Serializable {
     * defined in RFC 1779 and RFC 2253
     * (and listed in {@link #getName(String format) getName(String format)}),
     * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS,
-     * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose OIDs are
+     * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object
-     * defined in RFC 3280 and its successor.
+     * Identifiers (OIDs) are defined in RFC 3280 and its successor.
     * Any other attribute type must be specified as an OID.
     *
+     * <p>This implementation enforces a more restrictive OID syntax than
+     * defined in RFC 1779 and 2253. It uses the more correct syntax defined in
+     * <a href="http://www.ietf.org/rfc/rfc4512.txt">RFC 4512</a>, which
+     * specifies that OIDs contain at least 2 digits:
+     *
+     * <p>{@code numericoid = number 1*( DOT number ) }
+     *
     * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
     * @exception NullPointerException if the <code>name</code>
     *                  is <code>null</code>
@@ -135,10 +142,17 @@ public final class X500Principal implements Principal, java.io.Serializable {
     * keywords recognized by <code>X500Principal(String)</code>. Keywords
     * MUST be specified in all upper-case, otherwise they will be ignored.
     * Improperly specified keywords are ignored; however if a keyword in the
-     * name maps to an improperly specified OID, an
+     * name maps to an improperly specified Object Identifier (OID), an
     * <code>IllegalArgumentException</code> is thrown. It is permissible to
     * have 2 different keywords that map to the same OID.
     *
+     * <p>This implementation enforces a more restrictive OID syntax than
+     * defined in RFC 1779 and 2253. It uses the more correct syntax defined in
+     * <a href="http://www.ietf.org/rfc/rfc4512.txt">RFC 4512</a>, which
+     * specifies that OIDs contain at least 2 digits:
+     *
+     * <p>{@code numericoid = number 1*( DOT number ) }
+     *
     * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
     * @param keywordMap an attribute type keyword map, where each key is a
     *   keyword String that maps to a corresponding object identifier in String

--- a/src/share/classes/javax/security/auth/x500/package.html
+++ b/src/share/classes/javax/security/auth/x500/package.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 <!--
-Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 This code is free software; you can redistribute it and/or modify it
@@ -30,17 +30,26 @@ questions.
 <body bgcolor="white">
    This package contains the classes that should be used to store 
-    X500 Principal and X500 Private Crendentials in a
+    X500 Principal and X500 Private Credentials in a
    <i>Subject</i>.
-<!--
 <h2>Package Specification</h2>
-##### FILL IN ANY SPECS NEEDED BY JAVA COMPATIBILITY KIT #####
 <ul>
-  <li><a href="">##### REFER TO ANY FRAMEMAKER SPECIFICATION HERE #####</a>
+  <li><a href="http://www.ietf.org/rfc/rfc1779.txt">
+    RFC 1779: A String Representation of Distinguished Names</a></li>
+  <li><a href="http://www.ietf.org/rfc/rfc2253.txt">
+    RFC 2253: Lightweight Directory Access Protocol (v3):
+    UTF-8 String Representation of Distinguished Names</a></li>
+  <li><a href="http://www.ietf.org/rfc/rfc3280.txt">
+    RFC 3280: Internet X.509 Public Key Infrastructure
+    Certificate and Certificate Revocation List (CRL) Profile</a></li>
+  <li><a href="http://www.ietf.org/rfc/rfc4512.txt">
+    RFC 4512: Lightweight Directory Access Protocol (LDAP):
+    Directory Information Models</a></li>
 </ul>
+<!--
 <h2>Related Documentation</h2>
 For overviews, tutorials, examples, guides, and tool documentation, please see:

--- a/test/javax/security/auth/x500/X500Principal/Parse.java
+++ b/test/javax/security/auth/x500/X500Principal/Parse.java
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 /*
 * @test
- * @bug 7024771
+ * @bug 7024771 7024604
 * @summary various X500Principal DN parsing tests
 */
@@ -32,12 +32,18 @@ import javax.security.auth.x500.X500Principal;
 public class Parse {
    private static TestCase[] testCases = {
-        new TestCase("CN=prefix\\<>suffix", false)
+        new TestCase("CN=prefix\\<>suffix", false),
+        new TestCase("OID.1=value", false),
+        new TestCase("oid.1=value", false),
+        new TestCase("OID.1.2=value", true),
+        new TestCase("oid.1.2=value", true),
+        new TestCase("1=value", false),
+        new TestCase("1.2=value", true)
    };
    public static void main(String args[]) throws Exception {
-        for (int i = 0; i < testCases.length; i++) {
+        for (TestCase testCase : testCases) {
-            testCases[i].run();
+            testCase.run();
        }
        System.out.println("Test completed ok.");
    }