- Bug
- Resolution: Fixed
- P3
- 1.4.2
- 02
- x86
- linux, windows_2000, windows_xp
- Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2097016 | 5.0 | Andreas Sterbenz | P3 | Resolved | Fixed | tiger |
Name: gm110360 Date: 06/04/2003
FULL PRODUCT VERSION :
java version "1.4.2-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-beta-b19)
Java HotSpot(TM) Client VM (build 1.4.2-beta-b19, mixed mode)
FULL OS VERSION :
Microsoft Windows 2000 [Version 5.00.2195]
EXTRA RELEVANT SYSTEM CONFIGURATION :
NOT APPLICABLE
A DESCRIPTION OF THE PROBLEM :
The following program throws the following CertificateParsingException.
This wasn't happening in previous versions of the JRE, specifically:
java version "1.4.1_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_02-b06)
Java HotSpot(TM) Client VM (build 1.4.1_02-b06, mixed mode)
This program contains the CA certificate of a Microsoft Certificate Server. The certificate contains two X.509 v3 extensions called "CRL Distribution Points". One of the CRL Distribution Points contains a uniform resource identifier that is in the following Microsoft-specific form:
file://\\lea\CertEnroll\Lea%20CA.crl
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Save the following certificate as '.\lea.cer'.
2. Create the directory '.\tools\'.
3. Create the directory '.\tools\crypto\'.
4. Save the following program as '.\tools\crypto\CertTest.java':
5. Compile CertTest.java
6. Run CertTest.java
java -cp . tools.crypto.CertTest lea.cer
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:157)
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1679)
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
    at tools.crypto.CertTest.doTest(CertTest.java:28)
    at tools.crypto.CertTest.main(CertTest.java:42)
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
    at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:111)
    at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:78)
    at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:57)
    at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:731)
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:155)
    ... 6 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
    at sun.security.x509.URIName.parseName(URIName.java:205)
    at sun.security.x509.URIName.<init>(URIName.java:85)
    at sun.security.x509.GeneralName.<init>(GeneralName.java:94)
    at sun.security.x509.GeneralNames.<init>(GeneralNames.java:51)
    at sun.security.x509.DistributionPoint.<init>(DistributionPoint.java:193)
    at sun.security.x509.CRLDistributionPointsExtension.<init>(CRLDistributionPointsExtension.java:126)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
    at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:105)
    ... 10 more
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Run this program using the certificate shown earlier.
/*
 * CertTest.java
 *
 * Created on May 9, 2003, 11:30 AM
 */
package tools.crypto;
import java.io.*;
import java.security.cert.*;
/**
 *
 */
public class CertTest {
    private File inputFile;
    /** Creates a new instance of CertTest */
    public CertTest(String[] args) {
        inputFile = new File(args[0]);
    }
    public void doTest() {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            FileInputStream fis = new FileInputStream(inputFile);
            Certificate certificate = factory.generateCertificate(fis);
            if (!(certificate instanceof X509Certificate)) {
                System.out.println("Not an X.509 certificate");
                System.exit(0);
            }
            X509Certificate x509 = (X509Certificate)certificate;
            System.out.println(x509.toString());
        }
        catch (Exception e) {
            e.printStackTrace(System.out);
        }
    }
    public static void main(String[] args) {
        new CertTest(args).doTest();
    }
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Reconfigure Microsoft Certificate Server to not generate CRL distribution points of the form:
file://\\hostname\path
Release Regression From : 1.4.1_02
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
(Review ID: 187022)
======================================================================
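
Added example, not part of the original report and not the JDK's own `URIName` logic: a pre-flight check that classifies CRL distribution point URI strings (already extracted from a certificate by some other tool) so that the Microsoft `file://\\host\path` form and host-less URIs can be spotted before a strict parser rejects the whole certificate. The class name, the verdict names, and the second and third sample URIs are assumptions made for illustration; `java.net.URI` stands in for a strict parser.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class CrlDpUriCheck {
    enum Verdict { OK, UNC_FILE_FORM, NO_HOST, INVALID }

    /** Classify one CRL distribution point URI string. */
    static Verdict classify(String s) {
        // The form described in the report: "file://" followed directly by a
        // UNC path (two backslashes), so there is no parseable host portion.
        if (s.regionMatches(true, 0, "file://\\\\", 0, 9)) {
            return Verdict.UNC_FILE_FORM;
        }
        try {
            URI u = new URI(s);
            if (!u.isAbsolute()) {
                return Verdict.INVALID;      // no scheme: relative reference
            }
            // getHost() is null for opaque URIs and for an empty authority,
            // e.g. "ldap:///..." where the client is expected to pick a server.
            return u.getHost() == null ? Verdict.NO_HOST : Verdict.OK;
        } catch (URISyntaxException e) {
            return Verdict.INVALID;          // illegal characters or bad syntax
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            "file://\\\\lea\\CertEnroll\\Lea%20CA.crl",          // URI from the report
            "http://lea.example.test/CertEnroll/Lea%20CA.crl",  // constructed sample
            "ldap:///CN=Lea%20CA,CN=CDP,DC=example,DC=test",    // constructed sample
        };
        for (String s : samples) {
            System.out.println(classify(s) + "  " + s);
        }
    }
}
```

Certificates whose distribution points come back as anything other than `OK` are the ones to test against the target JRE before they are placed in a trust store.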
- backported by
  - JDK-2097016 REGRESSION: CertificateParsingException for MS CRL Distribution Point (Resolved)
- duplicates
  - JDK-4878197 REGRESSION: Parsing of the X.509 certiificate fails with new jre (Closed)
  - JDK-4887933 Unable to read my trusted store (Closed)
  - JDK-4936768 Sun JCE doesn't parse certificate issued by Mircosoft Certificate Server (Closed)
- relates to
  - JDK-4834694 Certificate with Subject Alternative Names that include opaque URIs breaks (Closed)