sean.mullan@ireland 2001-01-10

Various constructors and methods of classes in the CertPath API accept
and return String forms of Distinguished Names. Currently the format
of the String specified in the javadoc is RFC 1779.

However, RFC 2253 obsoletes RFC 1779. This API change is to specify that
the format of the String DNs must be RFC 2253 instead of RFC 1779.

Those service providers that must use RFC 1779 names (ex: CertPathBuilders that use LDAPv2 to find certs) can transform the 2253 name to 1779 format in the
implementation using methods of the new javax.security.auth.x500.X500Principal
class.

The RFE affects the following methods:

X509CertSelector.setIssuer(String)
        X509CertSelector.setSubject(String)
        X509CertSelector.setSubjectAlternativeNames(Collection)
        X509CertSelector.addSubjectAlternativeName(int, String)
        X509CertSelector.setPathToNames(Collection)
        X509CertSelector.addPathToName(int, String)
        X509CertSelector.getIssuerAsString()
        X509CertSelector.getSubjectAsString()
        X509CertSelector.getSubjectAlternativeNames()
        X509CertSelector.getPathToNames()
        X509CRLSelector.setIssuerNames(Collection)
        X509CRLSelector.addIssuerName(String)
        X509CRLSelector.getIssuerNames()
        PKIXParameters(PublicKey, String)
        PKIXParameters.setCAPublicKeyAndName(PublicKey, String)
        PKIXParameters.getCAName()
        PKIXBuilderParameters(PublicKey, String, CertSelector)

In addition, code in the reference implementation may need to be changed
to use the new methods in the X500Principal class to parse the RFC 2253
String DNs.