I'd like to bring this change into 7u only. The 7u40 7109096 fix introduced
tighter conditions around Key.getFormat(). Some interoperability issues
have been seen for key generators that mightn't strictly honour the
ASN.1 data format of X509 keys.
As a result, I don't think the restriction was suitable for an update
release
and we should relax it :
https://bugs.openjdk.java.net/browse/JDK-8054019
diff --git a/src/share/classes/sun/security/x509/CertAndKeyGen.java
b/src/share/classes/sun/security/x509/CertAndKeyGen.java
--- a/src/share/classes/sun/security/x509/CertAndKeyGen.java
+++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights
reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -156,7 +156,9 @@
// publicKey's format must be X.509 otherwise
// the whole CertGen part of this class is broken.
- if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
+ // Allow "X509" in 7u for backwards compatibility.
+ if (!"X.509".equalsIgnoreCase(publicKey.getFormat()) &&
+ !"X509".equalsIgnoreCase(publicKey.getFormat())) {
throw new IllegalArgumentException("publicKey's is not
X.509, but "
+ publicKey.getFormat());
}
Regards,
Sean.
