Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4972255

HttpsURLConnection.getLocalPrincipal returns null for certificate-based suite

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not an Issue
    • Icon: P3 P3
    • None
    • 5.0
    • security-libs



      Name: mtR10145 Date: 12/23/2003

      The spec of HttpsURLConnection.getServerCertificates
      states:
      ...using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.

      and HttpsURLConnection.getLocalPrincipal javadoc reads:
      ...return null for non-certificate based ciphersuites, such as Kerberos.

      However, the code below illustrates that dispite of
      SSLPeerUnverifiedException is not thrown by getServerCertificates
      (according to the spec, apparently certificate-based suite is used),
      getLocalPrincipal unexpectedly returns null. Since null output is
      allowed only for non-certificate based ciphersuites, this behavior is
      incorrect (whether javadoc or implementation should be updated).
      =================== Test22.java ======================
      import javax.net.ssl.*;
      import java.net.*;
      import java.security.cert.Certificate;
      import java.io.IOException;

      public class Test22 {

          public static void main(String argv[]) {
              HttpsURLConnection connection = null;
              URL url = null;
              InetAddress address = null;

              try {
                  address = InetAddress.getByName("proxy");
              } catch (UnknownHostException e) {
                  System.out.println("Unexpected: " + e);
              }
              InetSocketAddress isa = new InetSocketAddress(address, 3128);
              Proxy proxy = new Proxy(Proxy.Type.HTTP, isa);
          
              try {
                  connection = (HttpsURLConnection) new URL("https://www.sun.com").openConnection(proxy);
                  connection.connect();
                  System.out.println("Connected...");
              } catch(SecurityException se) {
                  System.out.println("Unexpected: " + se);
              } catch(java.io.IOException ioe) {
                  System.out.println("Unexpected: " + ioe);
              }

              try {
                  Certificate[] servCert = connection.getServerCertificates();

                  if (connection.getLocalPrincipal() == null)
                      System.out.println("Unexpected behavior: getServerCertificates didn't trow SSLPUE, " +
                                  "but getLocalPrincipal unexpectedly returned null.");
                  
              } catch (SSLPeerUnverifiedException e) {
                  System.out.println("Thrown: " + e);
              }

          }
      }
      ============== Test output with JSE 1.5.0-beta-b32 ==========
      Connected...
      Unexpected behavior: getServerCertificates didn't trow SSLPUE, but getLocalPrincipal unexpectedly returned null.
      ======================================================================

            smalkanisunw Seema Malkani (Inactive)
            cmssunw Cms Cms (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: