JDK-4868438

Incorrect parsing of CRLDistributionPoints


    • Type: Bug
    • Resolution: Not an Issue
    • Priority: P3
    • None
    • 1.4.2
    • security-libs



      Name: nt126004 Date: 05/22/2003


      FULL PRODUCT VERSION :
      java version "1.4.2-beta"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-
      Java HotSpot(TM) Client VM (build 1.4.2-beta-b19, mixed mode)


      FULL OS VERSION :
      Microsoft Windows 2000 [Version 5.00.2195]


      A DESCRIPTION OF THE PROBLEM :
      The parsing of an x509 certificate produces an error if the certificate contains a CRLDistributionPoints extension without a protocol/scheme (www.xyz.com).

      IMHO this behavior is not correct, because RFC 2459 doesn't define any scheme/protocol-specific restriction for URIs
        
      DistributionPoint ::= SEQUENCE {
           distributionPoint [0] DistributionPointName OPTIONAL,
           reasons [1] ReasonFlags OPTIONAL,
           cRLIssuer [2] GeneralNames OPTIONAL }

      DistributionPointName ::= CHOICE {
           fullName [0] GeneralNames,
           nameRelativeToCRLIssuer [1] RelativeDistinguishedName }

      GeneralName ::= CHOICE {
           otherName [0] OtherName,
           rfc822Name [1] IA5String,
           dNSName [2] IA5String,
           x400Address [3] ORAddress,
           directoryName [4] Name,
           ediPartyName [5] EDIPartyName,
           uniformResourceIdentifier [6] IA5String,
           iPAddress [7] OCTET STRING,
           registeredID [8] OBJECT IDENTIFIER }
       

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      parse a sun.security.x509.URIName without a protocol/scheme

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      no error
      ACTUAL -
      an exception

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Caused by: java.io.IOException: Name www.crl.datev.de does not include a <scheme>
      at sun.security.x509.URIName.parseName(URIName.java:129)
      at sun.security.x509.URIName.<init>(URIName.java:85)
      at sun.security.x509.GeneralName.<init>(GeneralName.java:94)
      at sun.security.x509.GeneralNames.<init>(GeneralNames.java:51)
      at sun.security.x509.DistributionPoint.<init>(DistributionPoint.java:193)
      at sun.security.x509.CRLDistributionPointsExtension.<init>(CRLDistributionPointsExtension.java:126)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)


      REPRODUCIBILITY :
      This bug can be reproduced always.

      -------------- BEGIN SOURCE -------------------
      import java.security.cert.X509Certificate;
      import java.security.cert.CertificateFactory;

      /**
       * Simple Test...
       */
      public class CertTest {
          public static void main(String args[]) {
              try {
                  CertificateFactory fac = CertificateFactory.getInstance("X.509");
                  X509Certificate cert = (X509Certificate) fac.generateCertificate(CertTest.class.getResourceAsStream("mydatev.cer"));
                  System.out.println(cert);
              }
              catch(Exception exc) {
                  exc.printStackTrace();
              }
          }
      }
      ----------------- END SOURCE -----------------
      (Review ID: 185562)
      ======================================================================

            andreas Andreas Sterbenz
            nthompsosunw Nathanael Thompson (Inactive)
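
An added example, not part of the original report and not JDK code: a small Python check that walks the DER of a CRLDistributionPoints extension value, following the ASN.1 quoted in the report, and lists the URI names that carry no scheme, which is the condition named in the exception message. The helper names and the sample bytes are constructed for illustration; the sample reuses the report's www.xyz.com placeholder.

```python
import re

# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) then ":"
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def crldp_uris(ext_value):
    """Collect uniformResourceIdentifier names from a CRLDistributionPoints value."""
    tag, dps, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF DistributionPoint")
    uris = []
    for _, dp in children(dps):                       # each DistributionPoint
        for f_tag, field in children(dp):
            if f_tag != 0xA0:                         # distributionPoint [0] only
                continue
            for n_tag, names in children(field):
                if n_tag == 0xA0:                     # fullName [0] GeneralNames
                    uris += [v.decode("ascii", "replace")
                             for t, v in children(names) if t == 0x86]  # URI [6]
    return uris

def schemeless(ext_value):
    """Return the distribution point URIs that lack a scheme."""
    return [u for u in crldp_uris(ext_value) if not SCHEME_RE.match(u)]

def tlv(tag, value):                        # short-form DER encoder for the sample only
    return bytes([tag, len(value)]) + value

def dp(uri):                                # DistributionPoint { [0] { [0] { [6] uri } } }
    return tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, uri.encode("ascii")))))

# Constructed sample: one scheme-less URI and one absolute URI
SAMPLE = tlv(0x30, dp("www.xyz.com") + dp("http://crl.example.test/ca.crl"))
```

Running `schemeless()` over the extension value of each certificate in a trust store or issuance pipeline shows which ones will trigger this parsing failure before they reach a Java consumer.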