JDK-4759225

X500Certificate uses getName to make X500Principal

    • Type: Bug
    • Resolution: Duplicate
    • Priority: P4
    • None
    • 1.4.0
    • security-libs



      Name: nt126004 Date: 10/07/2002


      FULL PRODUCT VERSION :
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
      Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)


      FULL OPERATING SYSTEM VERSION :


      ADDITIONAL OPERATING SYSTEMS :

      all

      A DESCRIPTION OF THE PROBLEM :
      In java.security.cert.X509Certificate,
      getIssuerX500Principal returns
      new X500Principal(getIssuerDN().getName()), which defeats the idea
      that X500Principal should give access to the DER encoded DN and
      various string representations of it.
      This forces the JCE to restrict its use of DN attribute
      keywords to those accepted by X500Principal which is
      unfortunate since not all keywords are standardized, e.g.,
      for emailAddress "EMAILADDRESS", "E" and "mail" are used.
      The X500Principal should be constructed from the DER
      encoded DN available in X509Certificate.getTBSCertificate().

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      java.lang.RuntimeException: unable to instantiate X500Principal
      at java.security.cert.X509Certificate.getSubjectX500Principal
      (X509Certificate.java:274)
      at x500.rdCert(x500.java:17)
      at x500.main(x500.java:38)
      Caused by: java.lang.IllegalArgumentException: improperly specified input name:
      C=DK,O=Tele Danmark,OU=Internet,CN=SSL server CA,E=###@###.###
      at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:94)
      at java.security.cert.X509Certificate.getSubjectX500Principal
      (X509Certificate.java:270)
      ... 2 more
      Caused by: java.io.IOException: Invalid keyword "E"
      at sun.security.x509.AVAKeyword.getOID(AVA.java:833)
      at sun.security.x509.AVA.<init>(AVA.java:130)
      at sun.security.x509.AVA.<init>(AVA.java:100)
      at sun.security.x509.RDN.<init>(X500Name.java:1353)
      at sun.security.x509.X500Name.parseDN(X500Name.java:800)
      at sun.security.x509.X500Name.<init>(X500Name.java:128)
      at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:92)
      ... 3 more


      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      code fragment used with BouncyCastle JCE version 14-115 and a GlobalSign
      certificate with email in DN:

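            // file: path to the certificate; provider: the JCE provider name
            InputStream inStream = new FileInputStream(file);
            CertificateFactory cf = CertificateFactory.getInstance("X.509", provider);
            X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
            // Fails with the RuntimeException shown in the stack trace above
            X500Principal p = cert.getSubjectX500Principal();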

      ---------- END SOURCE ----------

      CUSTOMER WORKAROUND :
      Use BouncyCastle version 13-112 with JDK 1.3

      Sun's JCE refuses to parse some GlobalSign server
      certificates due to an encoding error in the certificate
      (Review ID: 165228)
      ======================================================================

            mullan Sean Mullan
            nthompsosunw Nathanael Thompson (Inactive)
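
The difference between the two construction paths described in the report, as an added example (not code from the report or from the JDK). It assumes Java 6 or later for the keyword-map constructor and the oidMap form of getName; the class name, helper name and DN value are constructed for illustration.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class DnKeywordDemo {
    // OID of the PKCS #9 emailAddress attribute
    static final String EMAIL_OID = "1.2.840.113549.1.9.1";
    // Constructed sample DN that uses the non-standard "E" keyword
    static final String DN = "C=DK,O=Example Org,CN=Example CA,E=ca@example.com";

    // Hypothetical helper: does the string parser accept this DN with
    // only its built-in keyword table?
    static boolean parsesAsString(String dn) {
        try {
            new X500Principal(dn);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // String path: depends on which keywords the parser knows.
        System.out.println("plain string parse accepted: " + parsesAsString(DN));

        // Supplying the keyword-to-OID mapping lets the same string parse.
        Map<String, String> keywords = Collections.singletonMap("E", EMAIL_OID);
        X500Principal fromString = new X500Principal(DN, keywords);

        // DER path: the encoding carries OIDs, not keywords, so rebuilding
        // the principal from bytes needs no keyword table at all.
        byte[] der = fromString.getEncoded();
        X500Principal fromDer = new X500Principal(der);
        System.out.println("DER round trip equal: " + fromDer.equals(fromString));

        // Keywords only matter again when rendering back to text.
        Map<String, String> oidToKeyword = Collections.singletonMap(EMAIL_OID, "E");
        System.out.println("RFC 1779 with E keyword: "
                + fromDer.getName(X500Principal.RFC1779, oidToKeyword));
        System.out.println("default toString: " + fromDer);
    }
}
```

Code that compares or authorizes on certificate names should work from the encoded form (getEncoded() or X500Principal.equals) rather than from a provider-specific string rendering.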