Details
-
Bug
-
Resolution: Not an Issue
-
P2
-
None
-
1.4.0
-
generic
-
generic
Description
Name: nt126004 Date: 11/02/2001
java version "1.4.0-beta2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta2-b77)
Java HotSpot(TM) Client VM (build 1.4.0-beta2-b77, mixed mode)
There is still an unhandled NullPointerException due to an unknown key
specification when executing CertificateFactory.generateCertificate(). Here is the output:
Alias name: Thawte Universal CA Root
Creation date: Oct 29, 2001
Error: Certificate identified by alias Thawte Universal CA Root contains an inva
lid extension - java.io.IOException: subject key, java.security.spec.InvalidKeyS
pecException: Unknown key spec.
trustedCertEntry,
keytool error: java.lang.NullPointerException
The first part is the output produced by my code, but then an apparent
unhandled java.lang.NullPointerException occurs. This doesn't happen in the test program attached.
As part of a project here at the SEI, I wrote an implementation of KeyStoreSpi
that reads from Netscape keystore files, and when I try to use it with keytool that is what I get.
When tracing the exception, I found out that the problem is that it is throwing an exception that
keytool does not expect, and therefore gets a null piece of data
and throws the exception. But I'm sure the problem is in generateCertificate().
This is the exception thrown by the attached program. It fails
with an apparently valid certificate. (It is the Thawte Universal CA Root that
comes with Netscape.)
java.security.cert.CertificateParsingException: java.io.IOException: subject
key, java.security.spec.InvalidKeySpecException: Unknown key spec.
java.security.cert.CertificateParsingException: java.io.IOException: subject key
, java.security.spec.InvalidKeySpecException: Unknown key spec.
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:157)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1044)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:149)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Facto
ry.java:89)
at java.security.cert.CertificateFactory.generateCertificate(Certificate
Factory.java:286)
at hello.certDetails(hello.java:26)
at hello.main(hello.java:13)
------------ Source Code ----------
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
public class hello {
public static void main (String args[]) {
System.out.println ("hello world");
try {
certDetails ("cert2.bad");
} catch (Exception e) {
System.out.println ("whoops " + e.toString());
e.printStackTrace();
}
System.out.println ("Goodbye world");
}
public static void certDetails (String fileName) throws Exception
{
FileInputStream fis = new FileInputStream (fileName);
CertificateFactory cf = CertificateFactory.getInstance ("X.509");
X509Certificate subjectCert = (X509Certificate)cf.generateCertificate(fis);
fis.close();
System.out.println (subjectCert.getSubjectDN().getName());
}
}
(Review ID: 134605)
======================================================================
Attachments
Issue Links
- relates to
-
JDK-4524097 2048 bit keylength restriction for RSA keys should be removed
-
- Closed
-