JDK-8016345 : Update DNSName.java to support RFC 1123
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2013-06-03
  • Updated: 2017-03-27
  • Resolved: 2017-03-27
Related Reports
Duplicate :  
JDK-8054380 - DNSName should be verified when parsing an X509Certificate
Description
FULL PRODUCT VERSION :


ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
DNSName.java currently does not support dns components starting with numbers.  This has been allowed for quite some time as defined by RFC 1123 section 2.1.  Furthermore openjdk has updated their implementation to support RFC 1123 and 2181.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Pass a string such as 3test.com to the DNSName constructor

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No IOException due to a leading number in a dns name.
ACTUAL -
A domain name starting with a number is allowed per RFC 1123 but JDK 5/6/7 all return an IOException: DNSName components must begin with a letter

ERROR MESSAGES/STACK TRACES THAT OCCUR :
keytool error: java.lang.RuntimeException: java.io.IOException: DNSName components must begin with a letter
java.lang.RuntimeException: java.io.IOException: DNSName components must begin with a letter
        at sun.security.tools.KeyTool.createV3Extensions(Unknown Source)
        at sun.security.tools.KeyTool.doSelfCert(Unknown Source)
        at sun.security.tools.KeyTool.doGenKeyPair(Unknown Source)
        at sun.security.tools.KeyTool.doCommands(Unknown Source)
        at sun.security.tools.KeyTool.run(Unknown Source)
        at sun.security.tools.KeyTool.main(Unknown Source)
Caused by: java.io.IOException: DNSName components must begin with a letter
        at sun.security.x509.DNSName.<init>(Unknown Source)


REPRODUCIBILITY :
This bug can be reproduced always.