JDK-6391482 : DomainComponent is Not IAS5String but PrintableString ( See RFC3280 )
  • Type: Bug
  • Status: Resolved
  • Resolution: Fixed
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Affected Version: 1.4.2
  • OS: solaris_9
  • CPU: sparc
  • Submit Date: 2006-02-28
  • Updated Date: 2011-03-22
  • Resolved Date: 2006-04-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
Other JDK 6
1.4.2_13Resolved 6 b83Resolved
Description
Customer reported the following issue.

They have generated the ASN.1 structure of the PCKS#10 generated by keytool. 
They are seeing the following structure

  0 30  422: SEQUENCE { 
 
   4 30  271:   SEQUENCE { 
 
   8 02    1:     INTEGER 0 
 
  11 30  102:     SEQUENCE { 
 
  13 31   19:       SET { 
 
  15 30   17:         SEQUENCE { 
 
  17 06   10:           OBJECT IDENTIFIER '0 9 2342 19200300 100 1 25' 
 
  29 13    3:           PrintableString 'com' 
 
            :           } 
 
            :         } 
 
  34 31   20:       SET { 
 
  36 30   18:         SEQUENCE { 
 
  38 06   10:           OBJECT IDENTIFIER '0 9 2342 19200300 100 1 25' 
 
  50 13    4:           PrintableString 'fhlb' 
 
According to the RFC 3280, 

-- Naming attributes of type DomainComponent (from RFC 2247)
id-domainComponent      AttributeType ::=
                          { 0 9 2342 19200300 100 1 25 }
DomainComponent ::=     IA5String  

The DomainComponent has to be of type IAS5String. 
Instead, it is showing PrintableString. 

Customer suspect a bug in the keytool.

Comments
EVALUATION Yes, this is a bug. Fix in progress.
2006-03-09

SUGGESTED FIX AVA already includes a special case to ensure that EMAILADDRRESS is always encoded as IA5String rather than PrintableString. The same approach should be taken for DC.
2006-03-01