United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6391482 : DomainComponent is Not IAS5String but PrintableString ( See RFC3280 )

Details
Type:
Bug
Submit Date:
2006-02-28
Status:
Resolved
Updated Date:
2011-03-22
Project Name:
JDK
Resolved Date:
2006-04-29
Component:
security-libs
OS:
solaris_9
Sub-Component:
java.security
CPU:
sparc
Priority:
P3
Resolution:
Fixed
Affected Versions:
1.4.2
Fixed Versions:

Related Reports
Backport:
Backport:

Sub Tasks

Description
Customer reported the following issue.

They have generated the ASN.1 structure of the PCKS#10 generated by keytool. 
They are seeing the following structure

  0 30  422: SEQUENCE { 
 
   4 30  271:   SEQUENCE { 
 
   8 02    1:     INTEGER 0 
 
  11 30  102:     SEQUENCE { 
 
  13 31   19:       SET { 
 
  15 30   17:         SEQUENCE { 
 
  17 06   10:           OBJECT IDENTIFIER '0 9 2342 19200300 100 1 25' 
 
  29 13    3:           PrintableString 'com' 
 
            :           } 
 
            :         } 
 
  34 31   20:       SET { 
 
  36 30   18:         SEQUENCE { 
 
  38 06   10:           OBJECT IDENTIFIER '0 9 2342 19200300 100 1 25' 
 
  50 13    4:           PrintableString 'fhlb' 
 
According to the RFC 3280, 

-- Naming attributes of type DomainComponent (from RFC 2247)
id-domainComponent      AttributeType ::=
                          { 0 9 2342 19200300 100 1 25 }
DomainComponent ::=     IA5String  

The DomainComponent has to be of type IAS5String. 
Instead, it is showing PrintableString. 

Customer suspect a bug in the keytool.

                                    

Comments
SUGGESTED FIX

AVA already includes a special case to ensure that EMAILADDRRESS is always encoded as IA5String rather than PrintableString. The same approach should be taken for DC.
                                     
2006-03-01
EVALUATION

Yes, this is a bug. Fix in progress.
                                     
2006-03-09



Hardware and Software, Engineered to Work Together