Bug ID: JDK-7024767 Some unquoted special character are allowed by X500Principal constructor

Type: Bug
Component: security-libs
Sub-Component: java.security
Affected Version: 6

Priority: P4
Status: Closed
Resolution: Duplicate
OS: linux
CPU: x86

Submitted: 2011-03-04
Updated: 2011-08-30
Resolved: 2011-08-30

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 8
8Resolved

BNF RFC 2253 introduces concewpt of special characters that can occur in the attribute value only if they are escaped by "\". 

Special characters are following:  "," / "=" / "+" / "<" /  ">" / "#" / ";"

However following constructor calls:

new X500Principal("CN=<");
new X500Principal("CN=>");
new X500Principal("CN==");

do not cause IAE

Note, that subsequent gerName() call returns escaped special characters.

For example, (new X500Principal("CN==")).getName() returns "CN=\\="

EVALUATION These: new X500Principal("CN=<"); new X500Principal("CN=>"); have been fixed as part of 7024771 and now throw IllegalArgumentException. new X500Principal("CN=="); This has not been fixed. Keep in mind that the X500Principal(String) constructor is designed to be flexible and accept variations in DN format according to RFCs 1779, 2253 and 4514. It is not intended that the DNs must be in a string RFC 2253 format. The reason this last case is still ok, is because RFC 4514 (which obsoletes 2253) allows this form of DN and does not require the '=' to be escaped. In particular, see Appendix B, the following change from RFC 2253: + did not require escaping of equals sign ('=' U+003D) characters,

30-08-2011