Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.security > #16

Re: X500Principal and UTF-16 encoded certificates

From Yosi Izaq <izaqyos@gmail.com>
Newsgroups comp.lang.java.security
Subject Re: X500Principal and UTF-16 encoded certificates
Date 2011-04-21 08:27 -0700
Organization http://groups.google.com
Message-ID <ed8d8950-6fb4-4082-800f-1609258ceb96@hd10g2000vbb.googlegroups.com> (permalink)
References <f3317f71-49c9-448d-9baa-8cb439a19b4b@l36g2000vbp.googlegroups.com>

Show all headers | View raw

On Apr 21, 4:22 pm, Yosi Izaq <izaq...@gmail.com> wrote:
> Hi,
>
> I have a java application that parses certificates. It works perfectly
> for certificates that have their fields encoded in UTF-8.
> It doesn't work well for UTF-16 encoding. While debugging the problem
> I've found that getName(X500Principal.RFC2253) function returns the
> name with extra 0x00 bytes (as if it confuses the first byte of UTF-16
> to be a UTF-8 byte).
>
> I've also found in Java doc (http://download.oracle.com/javase/1.4.2/
> docs/api/javax/security/auth/x500/
> X500Principal.html#getName(java.lang.String) ) that:
> "If "RFC2253" is specified as the format, this method emits the
> attribute type keywords defined in RFC 2253 (CN, L, ST, O, OU, C,
> STREET, DC, UID). Any other attribute type is emitted as an OID. Under
> a strict reading, RFC 2253 only specifies a UTF-8 string
> representation. The String returned by this method is the Unicode
> string achieved by decoding this UTF-8 representation."
> This is consistent with the behavior that I've observed.
>
> I would like to ask what are my options for correctly parsing the name
> value in accordance with RFC2253 when encoded in UTF-16?
>
> TIA,
> Yosi

Just an update, rfc2253 (http://www.ietf.org/rfc/rfc2253.txt) states
it's objective as "UTF-8 String Representation of Distinguished
Names". Clearly, the legacy code I'm dealing with didn't take this
into account.
I'm currently experimenting with rfc1779 (http://www.ietf.org/rfc/
rfc1779.txt?number=1779) using all manner of UTF-16 encoded
certificate subjects.
Is there any specific reason why
X500Principal:getName(X500Principal.RFC2253) may be preferable to
X500Principal:getName(X500Principal.RFC1779)?

10x,
Yosi

Back to comp.lang.java.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

X500Principal and UTF-16 encoded certificates Yosi Izaq <izaqyos@gmail.com> - 2011-04-21 06:22 -0700
  Re: X500Principal and UTF-16 encoded certificates Yosi Izaq <izaqyos@gmail.com> - 2011-04-21 08:27 -0700
    Re: X500Principal and UTF-16 encoded certificates Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-04-22 17:35 +0200
      Re: X500Principal and UTF-16 encoded certificates Yosi Izaq <izaqyos@gmail.com> - 2011-04-24 02:21 -0700
    Re: X500Principal and UTF-16 encoded certificates Roedy Green <see_website@mindprod.com.invalid> - 2011-04-22 12:38 -0700
      Re: X500Principal and UTF-16 encoded certificates Stanimir Stamenkov <s7an10@netscape.net> - 2011-04-23 01:09 +0300
        Re: X500Principal and UTF-16 encoded certificates Roedy Green <see_website@mindprod.com.invalid> - 2011-04-24 11:54 -0700
          Re: X500Principal and UTF-16 encoded certificates Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-04-24 21:32 +0200
            Re: X500Principal and UTF-16 encoded certificates Roedy Green <see_website@mindprod.com.invalid> - 2011-04-25 17:23 -0700
      Re: X500Principal and UTF-16 encoded certificates Yosi Izaq <izaqyos@gmail.com> - 2011-04-24 02:32 -0700

csiph-web