JDK-4330029

jsse doesn't recognise OID. keywords


    • Bug
    • Resolution: Fixed
    • P3
    • 1.4.0
    • 1.0.1, 1.0.2, 1.4.0
    • security-libs
    • beta2
    • generic, x86
    • generic, windows_2000


      In the AVA.java constructor code, there is a comment about OID. values.

             else if (keyword.equals("GENERATION"))
                  oid = X500Name.GENERATIONQUALIFIER_OID;

             // else if (keyword.startsWith("OID.") { ... }

             else
                  throw new IOException("unsupported keyword " + keyword);

      A customer has hit such a problem...




      Hi, I currently have a problem with an X509 Certificate version 1.
      In my certificate, there is information about "PostalCode" as well as the
      "Organization Unit", etc. under the header of "SUBJECT".
      My problem starts as Java does not recognize the keyword "Postal Code", and
      replaces that keyword with "OID.2.5.4.17".

      The fact that Java does not recognize the "Postal Code" has crashed my SSL
      handshake during the negotiation process.
      It throws the exception below:

      Caught: java.io.Exception: unsupported keyword OID.2.5.4.17
      Caught: java.io.Exception: unsupported keyword OID.2.5.4.17
      Caught: java.io.Exception: unsupported keyword OID.2.5.4.17
      Caught: java.io.Exception: unsupported keyword OID.2.5.4.17
      ...

      As a result, my secure FTP server never receives any certificates from the
      client (i.e., my Java code).

      Below is part of my code, how I read the X509 from the pkcs12 file:

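       // Imports needed by this fragment
       import java.io.FileInputStream;
       import java.security.KeyStore;
       import java.security.cert.X509Certificate;
       import java.util.Enumeration;

       // Loading PKCS#12 file
       System.out.println("Loading PKCS#12 file");
       KeyStore ks;
       char[] password = "andy".toCharArray();
       ks = KeyStore.getInstance("PKCS12");
       ks.load(new FileInputStream("cert.pfx"), password);

       // Walk the aliases; the last one listed is used for the lookup below
       Enumeration e = ks.aliases();
       String als = "";
       while (e.hasMoreElements()) {
           als = e.nextElement().toString();
           System.out.println("Alias is " + als);
       }
       X509Certificate cert = (X509Certificate) ks.getCertificate(als);
       System.out.println(cert.toString());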

      The output generated is as follows:
      --------------------------------------------------
      Loading PKCS#12 file
      unknown attr1.3.6.1.4.1.311.17.1
      Provider : SunJSSE version 1.01
      Alias is {6ad34e3b-fb1e-11d3-8b09-002035863ee5}
      [
      [
        Version: V1
        Subject: OID.2.5.4.17=CV34 5JL, CN=ie::ed1.gsb.user01, OU=5,
      O=IGN-EDI-CLIENT, L=Warwick, ST=Warwickshire, C=UK
        Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

      etc.. etc ....


      The value of "CV34 5JL" above is meant for the "PostalCode".
      Could you tell me how I can get around this problem (at least tell Java to
      recognize the "PostalCode")?
      P.S.: the PKCS#12 has been exported from IE


      Name: krC82822 Date: 02/09/2001


      java version "1.3.0"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
      Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)

      I am using the IBM Web server V1.3.6.2(Apache) on win 2k.
      Using the supplied IKEYMAN key management tool I created a self signed certificate and then exported it to a file.
      I set up the web server to use this certificate and am able to access the web server from a browser using https.

      I now wanted to access this same web server from my Java code.
      I imported the certificate into my cacerts file using the Java keytool.

      Running the following sample code to access my web server throws the exception:
      java.io.IOException: unsupported keyword OID.2.5.4.17
      java.lang.Throwable(java.lang.String)
      java.lang.Exception(java.lang.String)
      java.io.IOException(java.lang.String)
      com.sun.net.ssl.internal.ssl.AVA(java.io.StringReader)
      com.sun.net.ssl.internal.ssl.RDN(java.lang.String)
      void com.sun.net.ssl.internal.ssl.X500Name.a(java.lang.String)
      com.sun.net.ssl.internal.ssl.X500Name(java.lang.String)
      void com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(com.sun.net.ssl.HostnameVerifier)
      com.sun.net.ssl.internal.www.protocol.https.HttpClient com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(javax.net.ssl.SSLSocketFactory, java.net.URL, com.sun.net.ssl.HostnameVerifier, boolean)
      com.sun.net.ssl.internal.www.protocol.https.HttpClient com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(javax.net.ssl.SSLSocketFactory, java.net.URL, com.sun.net.ssl.HostnameVerifier)
      void com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect()
      java.io.InputStream com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream()
      java.io.InputStream java.net.URL.openStream()
      void sm.ssl.test.HTTPSTest.main(java.lang.String [])



      ************ Sample code to access a https web server ********
      import java.io.BufferedReader;
      import java.io.InputStream;
      import java.io.InputStreamReader;
      import java.net.URL;

      public static void main(String[] args) {
          URL url = null;
          try {
              url = new URL("https://securehost");
          } catch (Exception e) {
              e.printStackTrace();
              return;
          }
          try {
              // Opening the stream triggers the SSL handshake and the DN parsing
              InputStream is = url.openStream();
              BufferedReader in = new BufferedReader(new InputStreamReader(is));
              String inputLine;
              while ((inputLine = in.readLine()) != null)
                  System.out.println(inputLine);
              in.close();
          } catch (Exception e) {
              e.printStackTrace();
              return;
          }
      }
      (Review ID: 110690)
      ======================================================================
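
An added example, not the JDK's code and not the fix that was shipped: a small keyword resolver that accepts the OID.<dotted-decimal> form hinted at by the commented-out branch in AVA.java, run against the subject string from the first report. The class and method names are hypothetical, and the comma split deliberately ignores DN quoting and escapes.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class AvaKeywordDemo {
    // Standard X.520 attribute type OIDs for the keywords that appear on this page.
    private static final Map<String, String> KEYWORDS = Map.of(
        "CN", "2.5.4.3", "C", "2.5.4.6", "L", "2.5.4.7", "ST", "2.5.4.8",
        "O", "2.5.4.10", "OU", "2.5.4.11", "GENERATION", "2.5.4.44");

    /** Map an AVA keyword to a dotted-decimal OID, accepting the "OID.<arcs>" form. */
    static String resolve(String keyword) throws IOException {
        String k = keyword.trim().toUpperCase(Locale.ROOT);
        String oid = KEYWORDS.get(k);
        if (oid != null) return oid;
        if (k.startsWith("OID.")) {
            String arcs = k.substring(4);
            // At least two decimal arcs, no empty arcs or leading zeros, first arc 0-2.
            if (arcs.matches("[0-2](\\.(0|[1-9][0-9]*))+")) return arcs;
            throw new IOException("malformed OID keyword " + keyword);
        }
        throw new IOException("unsupported keyword " + keyword);
    }

    /** Naive split on ',' and '='; a repeated attribute type keeps only its last value. */
    static Map<String, String> parse(String dn) throws IOException {
        Map<String, String> out = new LinkedHashMap<>();
        for (String ava : dn.split(",")) {
            int eq = ava.indexOf('=');
            if (eq < 0) throw new IOException("missing '=' in " + ava.trim());
            out.put(resolve(ava.substring(0, eq)), ava.substring(eq + 1).trim());
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Subject string taken from the certificate dump in the first report.
        String subject = "OID.2.5.4.17=CV34 5JL, CN=ie::ed1.gsb.user01, OU=5, "
            + "O=IGN-EDI-CLIENT, L=Warwick, ST=Warwickshire, C=UK";
        parse(subject).forEach((oid, v) -> System.out.println(oid + " = " + v));
        try {
            resolve("OID.2..5"); // constructed malformed keyword
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Validating the arcs before accepting the keyword keeps a malformed attribute type from being carried into later name comparisons, while a well-formed but unnamed type such as 2.5.4.17 no longer aborts the handshake.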

            smalkanisunw Seema Malkani (Inactive)
            wetmore Bradford Wetmore