7198416: CertificateIssuerName and CertificateSubjectName are redundant

Reviewed-by: mullan Contributed-by: jason.uh@oracle.com

7198416: CertificateIssuerName and CertificateSubjectName are redundant
Reviewed-by: mullan Contributed-by: jason.uh@oracle.com
fe336b37 · mullan · ba3d23b3 · fe336b37 · fe336b37 · fe336b37
10 changed file
--- a/src/share/classes/sun/security/pkcs/PKCS7.java
+++ b/src/share/classes/sun/security/pkcs/PKCS7.java
@@ -39,7 +39,6 @@ import java.security.*;
 import sun.security.timestamp.*;
 import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateIssuerName;
 import sun.security.x509.X509CertImpl;
 import sun.security.x509.X509CertInfo;
 import sun.security.x509.X509CRLImpl;
@@ -712,8 +711,8 @@ public class PKCS7 {
                    X509CertInfo tbsCert =
                        new X509CertInfo(cert.getTBSCertificate());
                    certIssuerName = (Principal)
-                        tbsCert.get(CertificateIssuerName.NAME + "." +
+                        tbsCert.get(X509CertInfo.ISSUER + "." +
-                                    CertificateIssuerName.DN_NAME);
+                                    X509CertInfo.DN_NAME);
                } catch (Exception e) {
                    // error generating X500Name object from the cert's
                    // issuer DN, leave name as is.

--- a/src/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java
@@ -2259,9 +2259,9 @@ class SignatureFile {
                X509CertInfo tbsCert = new
                    X509CertInfo(certChain[0].getTBSCertificate());
                issuerName = (Principal)
-                    tbsCert.get(CertificateIssuerName.NAME + "." +
+                    tbsCert.get(X509CertInfo.ISSUER + "." +
-                                CertificateIssuerName.DN_NAME);
+                                X509CertInfo.DN_NAME);
-            }
+                }
            BigInteger serial = certChain[0].getSerialNumber();
            String signatureAlgorithm;

--- a/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
+++ b/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
@@ -258,10 +258,10 @@ public final class CertAndKeyGen {
            AlgorithmId algID = AlgorithmId.get(sigAlg);
            info.set(X509CertInfo.ALGORITHM_ID,
                     new CertificateAlgorithmId(algID));
-            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+            info.set(X509CertInfo.SUBJECT, myname);
            info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
            info.set(X509CertInfo.VALIDITY, interval);
-            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+            info.set(X509CertInfo.ISSUER, myname);
            if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
            cert = new X509CertImpl(info);

--- a/src/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1145,7 +1145,7 @@ public final class Main {
        X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                X509CertImpl.NAME + "." + X509CertImpl.INFO);
        X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
        Date firstDate = getStartDate(startDate);
        Date lastDate = new Date();
@@ -1170,7 +1170,7 @@ public final class Main {
        info.set(X509CertInfo.ALGORITHM_ID,
                    new CertificateAlgorithmId(
                        AlgorithmId.get(sigAlgName)));
-        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
+        info.set(X509CertInfo.ISSUER, issuer);
        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        boolean canRead = false;
@@ -1193,8 +1193,8 @@ public final class Main {
        PKCS10 req = new PKCS10(rawReq);
        info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
-        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+        info.set(X509CertInfo.SUBJECT,
-                dname==null?req.getSubjectName():new X500Name(dname)));
+                    dname==null?req.getSubjectName():new X500Name(dname));
        CertificateExtensions reqex = null;
        Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
        while (attrs.hasNext()) {
@@ -1234,7 +1234,7 @@ public final class Main {
        X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                X509CertImpl.NAME + "." + X509CertImpl.INFO);
        X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                                      X509CertInfo.DN_NAME);
        Date firstDate = getStartDate(startDate);
        Date lastDate = (Date) firstDate.clone();
@@ -2405,16 +2405,16 @@ public final class Main {
        if (dname == null) {
            // Get the owner name from the certificate
            owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
        } else {
            // Use the owner name specified at the command line
            owner = new X500Name(dname);
            certInfo.set(X509CertInfo.SUBJECT + "." +
-                         CertificateSubjectName.DN_NAME, owner);
+                         X509CertInfo.DN_NAME, owner);
        }
        // Make issuer same as owner (self-signed!)
        certInfo.set(X509CertInfo.ISSUER + "." +
-                     CertificateIssuerName.DN_NAME, owner);
+                     X509CertInfo.DN_NAME, owner);
        // The inner and outer signature algorithms have to match.
        // The way we achieve that is really ugly, but there seems to be no

--- a/src/share/classes/sun/security/x509/X509CertImpl.java
+++ b/src/share/classes/sun/security/x509/X509CertImpl.java
@@ -96,12 +96,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
     */
    // x509.info.subject.dname
    public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.SUBJECT + DOT +
+                               X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
-                               CertificateSubjectName.DN_NAME;
    // x509.info.issuer.dname
    public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.ISSUER + DOT +
+                               X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
-                               CertificateIssuerName.DN_NAME;
    // x509.info.serialNumber.number
    public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
                               X509CertInfo.SERIAL_NUMBER + DOT +
@@ -890,9 +888,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
        if (info == null)
            return null;
        try {
-            Principal subject = (Principal)info.get(
+            Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
-                                 CertificateSubjectName.NAME + DOT +
+                                                    X509CertInfo.DN_NAME);
-                                 CertificateSubjectName.DN_NAME);
            return subject;
        } catch (Exception e) {
            return null;
@@ -910,8 +907,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
        }
        try {
            X500Principal subject = (X500Principal)info.get(
-                                CertificateSubjectName.NAME + DOT +
+                                            X509CertInfo.SUBJECT + DOT +
-                                CertificateSubjectName.DN_PRINCIPAL);
+                                            "x500principal");
            return subject;
        } catch (Exception e) {
            return null;
@@ -927,9 +924,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
        if (info == null)
            return null;
        try {
-            Principal issuer = (Principal)info.get(
+            Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
-                                CertificateIssuerName.NAME + DOT +
+                                                   X509CertInfo.DN_NAME);
-                                CertificateIssuerName.DN_NAME);
            return issuer;
        } catch (Exception e) {
            return null;
@@ -947,8 +943,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
        }
        try {
            X500Principal issuer = (X500Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
+                                            X509CertInfo.ISSUER + DOT +
-                                CertificateIssuerName.DN_PRINCIPAL);
+                                            "x500principal");
            return issuer;
        } catch (Exception e) {
            return null;

--- a/src/share/classes/sun/security/x509/X509CertInfo.java
+++ b/src/share/classes/sun/security/x509/X509CertInfo.java
@@ -68,12 +68,13 @@ public class X509CertInfo implements CertAttrSet<String> {
    public static final String IDENT = "x509.info";
    // Certificate attribute names
    public static final String NAME = "info";
+    public static final String DN_NAME = "dname";
    public static final String VERSION = CertificateVersion.NAME;
    public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
    public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
-    public static final String ISSUER = CertificateIssuerName.NAME;
+    public static final String ISSUER = "issuer";
+    public static final String SUBJECT = "subject";
    public static final String VALIDITY = CertificateValidity.NAME;
-    public static final String SUBJECT = CertificateSubjectName.NAME;
    public static final String KEY = CertificateX509Key.NAME;
    public static final String ISSUER_ID = "issuerID";
    public static final String SUBJECT_ID = "subjectID";
@@ -83,9 +84,9 @@ public class X509CertInfo implements CertAttrSet<String> {
    protected CertificateVersion version = new CertificateVersion();
    protected CertificateSerialNumber   serialNum = null;
    protected CertificateAlgorithmId    algId = null;
-    protected CertificateIssuerName     issuer = null;
+    protected X500Name                  issuer = null;
+    protected X500Name                  subject = null;
    protected CertificateValidity       interval = null;
-    protected CertificateSubjectName    subject = null;
    protected CertificateX509Key        pubKey = null;
    // X509.v2 & v3 extensions
@@ -399,11 +400,7 @@ public class X509CertInfo implements CertAttrSet<String> {
            break;
        case ATTR_ISSUER:
-            if (suffix == null) {
+            setIssuer(val);
-                setIssuer(val);
-            } else {
-                issuer.set(suffix, val);
-            }
            break;
        case ATTR_VALIDITY:
@@ -415,11 +412,7 @@ public class X509CertInfo implements CertAttrSet<String> {
            break;
        case ATTR_SUBJECT:
-            if (suffix == null) {
+            setSubject(val);
-                setSubject(val);
-            } else {
-                subject.set(suffix, val);
-            }
            break;
        case ATTR_KEY:
@@ -493,11 +486,7 @@ public class X509CertInfo implements CertAttrSet<String> {
            }
            break;
        case (ATTR_ISSUER):
-            if (suffix == null) {
+            issuer = null;
-                issuer = null;
-            } else {
-                issuer.delete(suffix);
-            }
            break;
        case (ATTR_VALIDITY):
            if (suffix == null) {
@@ -507,11 +496,7 @@ public class X509CertInfo implements CertAttrSet<String> {
            }
            break;
        case (ATTR_SUBJECT):
-            if (suffix == null) {
+            subject = null;
-                subject = null;
-            } else {
-                subject.delete(suffix);
-            }
            break;
        case (ATTR_KEY):
            if (suffix == null) {
@@ -571,13 +556,13 @@ public class X509CertInfo implements CertAttrSet<String> {
            if (suffix == null) {
                return(subject);
            } else {
-                return(subject.get(suffix));
+                return(getX500Name(suffix, false));
            }
        case (ATTR_ISSUER):
            if (suffix == null) {
                return(issuer);
            } else {
-                return(issuer.get(suffix));
+                return(getX500Name(suffix, true));
            }
        case (ATTR_KEY):
            if (suffix == null) {
@@ -617,6 +602,21 @@ public class X509CertInfo implements CertAttrSet<String> {
        return null;
    }
+    /*
+     * Get the Issuer or Subject name
+     */
+    private Object getX500Name(String name, boolean getIssuer)
+        throws IOException {
+        if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
+            return getIssuer ? issuer : subject;
+        } else if (name.equalsIgnoreCase("x500principal")) {
+            return getIssuer ? issuer.asX500Principal()
+                             : subject.asX500Principal();
+        } else {
+            throw new IOException("Attribute name not recognized.");
+        }
+    }
    /*
     * This routine unmarshals the certificate information.
     */
@@ -646,9 +646,8 @@ public class X509CertInfo implements CertAttrSet<String> {
        algId = new CertificateAlgorithmId(in);
        // Issuer name
-        issuer = new CertificateIssuerName(in);
+        issuer = new X500Name(in);
-        X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
+        if (issuer.isEmpty()) {
-        if (issuerDN.isEmpty()) {
            throw new CertificateParsingException(
                "Empty issuer DN not allowed in X509Certificates");
        }
@@ -657,10 +656,9 @@ public class X509CertInfo implements CertAttrSet<String> {
        interval = new CertificateValidity(in);
        // subject name
-        subject = new CertificateSubjectName(in);
+        subject = new X500Name(in);
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
        if ((version.compare(CertificateVersion.V1) == 0) &&
-                subjectDN.isEmpty()) {
+                subject.isEmpty()) {
            throw new CertificateParsingException(
                      "Empty subject DN not allowed in v1 certificate");
        }
@@ -712,13 +710,12 @@ public class X509CertInfo implements CertAttrSet<String> {
    /*
     * Verify if X.509 V3 Certificate is compliant with RFC 3280.
     */
-    private void verifyCert(CertificateSubjectName subject,
+    private void verifyCert(X500Name subject,
        CertificateExtensions extensions)
        throws CertificateParsingException, IOException {
        // if SubjectName is empty, check for SubjectAlternativeNameExtension
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
+        if (subject.isEmpty()) {
-        if (subjectDN.isEmpty()) {
            if (extensions == null) {
                throw new CertificateParsingException("X.509 Certificate is " +
                        "incomplete: subject field is empty, and certificate " +
@@ -859,11 +856,11 @@ public class X509CertInfo implements CertAttrSet<String> {
     * @exception CertificateException on invalid data.
     */
    private void setIssuer(Object val) throws CertificateException {
-        if (!(val instanceof CertificateIssuerName)) {
+        if (!(val instanceof X500Name)) {
            throw new CertificateException(
                             "Issuer class type invalid.");
        }
-        issuer = (CertificateIssuerName)val;
+        issuer = (X500Name)val;
    }
    /**
@@ -887,11 +884,11 @@ public class X509CertInfo implements CertAttrSet<String> {
     * @exception CertificateException on invalid data.
     */
    private void setSubject(Object val) throws CertificateException {
-        if (!(val instanceof CertificateSubjectName)) {
+        if (!(val instanceof X500Name)) {
            throw new CertificateException(
                             "Subject class type invalid.");
        }
-        subject = (CertificateSubjectName)val;
+        subject = (X500Name)val;
    }
    /**

--- a/src/share/classes/sun/security/x509/certAttributes.html
+++ b/src/share/classes/sun/security/x509/certAttributes.html
@@ -6,7 +6,7 @@
 <h2><center>Certificate Attributes</center></h2>
 <font size=3><center>July 1998</font></center>
 <p>
-In JDK1.2 we provide an implementation of X.509 (version 3). 
+In JDK1.2 we provide an implementation of X.509 (version 3).
 The X509CertImpl class supports the following methods to
 manipulate the various attributes of a certificate:
 <pre>
@@ -86,9 +86,9 @@ AlgorithmId</td>
 <td>issuer</td>
 <td>x509.info.issuer<br>
 x509.info.issuer.dname</td>
-<td>CertificateIssuerName.IDENT<br>
+<td>none<br>
 X509CertImpl.ISSUER_DN</td>
-<td>CertificateIssuerName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -109,9 +109,9 @@ java.util.Date</td>
 <td>subject</td>
 <td>x509.info.subject<br>
 x509.info.subject.dname</td>
-<td>CertificateSubjectName.IDENT<br>
+<td>none<br>
 X509CertImpl.SUBJECT_DN</td>
-<td>CertificateSubjectName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -127,18 +127,18 @@ X509Key</td>
 <td>issuerUniqueID</td>
 <td>x509.info.issuerID<br>
 x509.info.issuerID.id</td>
-<td>CertificateIssuerUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateIssuerUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
 <td>subjectUniqueID</td>
 <td>x509.info.subjectID<br>
 x509.info.subjectID.id</td>
-<td>CertificateSubjectUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateSubjectUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>

--- a/test/sun/security/pkcs11/rsa/GenKeyStore.java
+++ b/test/sun/security/pkcs11/rsa/GenKeyStore.java
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@ public class GenKeyStore {
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
-        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
+        certInfo.set(X509CertInfo.SUBJECT, name);
-        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+        certInfo.set(X509CertInfo.ISSUER, name);
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
        certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));

--- a/test/sun/security/provider/X509Factory/BigCRL.java
+++ b/test/sun/security/provider/X509Factory/BigCRL.java
@@ -57,7 +57,7 @@ public class BigCRL {
        X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                X509CertImpl.NAME + "." + X509CertImpl.INFO);
        X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
-                + CertificateSubjectName.DN_NAME);
+                + X509CertInfo.DN_NAME);
        Date date = new Date();
        PrivateKey privateKey = (PrivateKey)

--- a/test/sun/security/rsa/GenKeyStore.java
+++ b/test/sun/security/rsa/GenKeyStore.java
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@ public class GenKeyStore {
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
-        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
+        certInfo.set(X509CertInfo.SUBJECT, name);
-        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+        certInfo.set(X509CertInfo.ISSUER, name);
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
        certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));