JDK-8241003 : Deprecate "denigrated" java.security.cert APIs that represent DNs as Principal or String objects
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 15
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • CPU: generic
  • Submitted: 2020-03-13
  • Updated: 2020-09-03
  • Resolved: 2020-08-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 16
16 b14Fixed
Related Reports
CSR :  
JDK-8250970 - Deprecate "denigrated" java.security.cert APIs that represent DNs as Principal or String objects
Relates :  
JDK-4959744 - Denigrate X509Certificate.getSubjectDN() & co
Sub Tasks
JDK-8252392 :  
Release Note: Deprecated the java.security.cert APIs That Represent DNs as Principal or String Objects - Resolved
Description
8 java.security.cert API methods use the term "denigrated" to discourage developers from using methods that take/return Distinguished Names as Principal or String objects. All of them recommend using other methods instead that that take/return an X500Principal. They should instead be deprecated. To be more consistent with modern JDK nomenclature, the "denigrated" term should be removed and the APIs should be identified for official deprecation.

The 8 methods are:
java.security.cert.X509Certificate.getIssuerDN()
java.security.cert.X509Certificate.getSubjectDN()
java.security.cert.X509CRL.getIssuerDN()
java.security.cert.X509CertSelector.setIssuer(String)
java.security.cert.X509CertSelector.setSubject(String)
java.security.cert.X509CertSelector.getIssuerAsString()
java.security.cert.X509CertSelector.getSubjectAsString()
java.security.cert.X509CRLSelector.addIssuerName(String)
Comments
URL: https://hg.openjdk.java.net/jdk/jdk/rev/145e1859a0a8 User: mullan Date: 2020-08-26 17:32:52 +0000
26-08-2020
Since these APIs were marked as "denigrated", the SE deprecation model has been improved and better documented: see https://openjdk.java.net/jeps/277. Thus, these APIs should now be deprecated, as the main reason is to encourage applications to not use them anymore as there are better replacements. However, they should not be marked for removal.
16-03-2020
Or deprecation not-for-removal, as appropriate.
14-03-2020