Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-5107944

v1.5 cannot parse CDP extension of X509Certificate

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 6
    • 5.0
    • security-libs
    • beta
    • x86
    • windows_2000



      Name: js151677 Date: 09/27/2004


      FULL PRODUCT VERSION :
      Works:
      java version "1.4.2_04"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)
      Java HotSpot(TM) Client VM (build 1.4.2_04-b05, mixed mode)

      Does not works:
      java version "1.5.0-rc"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-rc-b63)
      Java HotSpot(TM) Client VM (build 1.5.0-rc-b63, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows 2000 [Version 5.00.2195]

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Microsoft CA is issuing the certificate.

      A DESCRIPTION OF THE PROBLEM :
      Load a certificate that has CDP extension (OID 2.5.29.31).
      Prints certificates (toString ())
      Notice that the CDP extension is not parsed correctly.

      REGRESSION. Last worked in version tiger-rc

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Get the certificate attached and convert it from Base64 to BER.
      Execute the sample program using the certificate file as an argument.
      Do this for J2SE1.4.2, J2SE1.5

      Notice that CDP extension is not found n J2SE1.5.


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      This is taken from J2SE 1.4.2
      -----------------------------------------------
      [6]: ObjectId: 2.5.29.31 Criticality=false
      CRLDistributionPoints [
        [DistributionPoint:
           [URIName: ldap:///CN=X1NET4%20Root%20CA,CN=x1net4,CN=CDP,
      CN=Public%20Key%20Services,CN=Services,CN=Configuration,
      DC=test,DC=local?
      certificateRevocationList?base?objectClass=cRLDistributionPoint,
      URIName: http://x1net4.test.local/CertEnroll/X1NET4%20Root%20CA.crl]
      ]]
      ACTUAL -
      This is taken from J2SE 1.5
      -----------------------------------------------
      Unparseable certificate extensions: 1
      [1]: ObjectId: 2.5.29.31 Criticality=false
      0000: 30 81 FF 30 81 FC A0 81 F9 A0 81 F6 86 81 B7 6C 0..0...........l
      0010: 64 61 70 3A 2F 2F 2F 43 4E 3D 58 31 4E 45 54 34 dap:///CN=X1NET4
      0020: 25 32 30 52 6F 6F 74 25 32 30 43 41 2C 43 4E 3D %20Root%20CA,CN=
      0030: 78 31 6E 65 74 34 2C 43 4E 3D 43 44 50 2C 43 4E x1net4,CN=CDP,CN
      0040: 3D 50 75 62 6C 69 63 25 32 30 4B 65 79 25 32 30 =Public%20Key%20
      0050: 53 65 72 76 69 63 65 73 2C 43 4E 3D 53 65 72 76 Services,CN=Serv
      0060: 69 63 65 73 2C 43 4E 3D 43 6F 6E 66 69 67 75 72 ices,CN=Configur
      0070: 61 74 69 6F 6E 2C 44 43 3D 74 65 73 74 2C 44 43 ation,DC=test,DC
      0080: 3D 6C 6F 63 61 6C 3F 63 65 72 74 69 66 69 63 61 =local?certifica
      0090: 74 65 52 65 76 6F 63 61 74 69 6F 6E 4C 69 73 74 teRevocationList
      00A0: 3F 62 61 73 65 3F 6F 62 6A 65 63 74 43 6C 61 73 ?base?objectClas
      00B0: 73 3D 63 52 4C 44 69 73 74 72 69 62 75 74 69 6F s=cRLDistributio
      00C0: 6E 50 6F 69 6E 74 86 3A 68 74 74 70 3A 2F 2F 78 nPoint.:http://x
      00D0: 31 6E 65 74 34 2E 74 65 73 74 2E 6C 6F 63 61 6C 1net4.test.local
      00E0: 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 58 31 4E 45 /CertEnroll/X1NE
      00F0: 54 34 25 32 30 52 6F 6F 74 25 32 30 43 41 2E 63 T4%20Root%20CA.c
      0100: 72 6C rl

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------

      import java.io.FileInputStream;
      import java.security.cert.CertificateException;
      import java.security.cert.CertificateFactory;
      import java.security.cert.X509Certificate;

      public
      class
      a {
      public static void main (String[] args)
      throws Throwable {
      if (args.length != 1) {
      System.out.println ("Usage: a cert");
      }
      else {
      String strCertFile = args[0];

      X509Certificate cert = (X509Certificate)CertificateFactory.getInstance ("X.509").generateCertificate (
      new FileInputStream (strCertFile)
      );

      System.out.println (cert);

      if (cert.getExtensionValue ("2.5.29.31") == null) {
      System.out.println ("CDP Extension was not found");
      }
      }
      }
      }

      Use the following certificate:
      -----BEGIN CERTIFICATE-----
      MIIG2jCCBMKgAwIBAgIKGDHF2AAAAAAB7zANBgkqhkiG9w0BAQUFADBDMQswCQYD
      VQQGEwJJTDEMMAoGA1UEChMDWG9yMQ0wCwYDVQQLEwRUZXN0MRcwFQYDVQQDEw5Y
      MU5FVDQgUm9vdCBDQTAeFw0wNDA5MTMxODQ0MDdaFw0wNDExMTMxODQ0MDdaMB0x
      CzAJBgNVBAYTAklMMQ4wDAYDVQQDEwV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQAD
      ggEPADCCAQoCggEBAPeXaotn/GID7NwYvHOgaFt0Fg9ctqR9uH8oSQMAf5YkFfXu
      /QWR2S2kYC710WKhuwzRTXCE4zxzW5k8rMEjVOSp8npL7HNNGseVBYdmui5fhlfs
      4QGI7q7NWqzSTYYKX5rEcqw/ocsJIGnJnYmFo5yKpyclq/Xlp6UfgOW720rFSNY4
      tsePHESYZ0HMe1w9iXtnbW0SNWg8gOv9myUITgX7xNdyPyWQgb8k+xV5mi41Ikz1
      0WYSID0LrHUOAMCSwvsP4rZ/EQBRwAV56qDreIig9cHsrK9uGQSVO/aLacdasjU7
      W+Wd1kXtcvVLzCWf2iIgyJk1QVKGk0iAszruMAkCAwEAAaOCAvQwggLwMAsGA1Ud
      DwQEAwIFoDAdBgNVHQ4EFgQU7gvZMzzP/i1I5oYbE9PhyiaWkjswHwYDVR0jBBgw
      FoAUy8Vok/+tK6Ton90REvGJuPWZSUowggELBgNVHR8EggECMIH/MIH8oIH5oIH2
      hoG3bGRhcDovLy9DTj1YMU5FVDQlMjBSb290JTIwQ0EsQ049eDFuZXQ0LENOPUNE
      UCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25m
      aWd1cmF0aW9uLERDPXRlc3QsREM9bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
      TGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hjpodHRw
      Oi8veDFuZXQ0LnRlc3QubG9jYWwvQ2VydEVucm9sbC9YMU5FVDQlMjBSb290JTIw
      Q0EuY3JsMIIBHwYIKwYBBQUHAQEEggERMIIBDTCBsAYIKwYBBQUHMAKGgaNsZGFw
      Oi8vL0NOPVgxTkVUNCUyMFJvb3QlMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5
      JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10ZXN0
      LERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZp
      Y2F0aW9uQXV0aG9yaXR5MFgGCCsGAQUFBzAChkxodHRwOi8veDFuZXQ0LnRlc3Qu
      bG9jYWwvQ2VydEVucm9sbC94MW5ldDQudGVzdC5sb2NhbF9YMU5FVDQlMjBSb290
      JTIwQ0EuY3J0MD0GCSsGAQQBgjcVBwQwMC4GJisGAQQBgjcVCISRy1GExIEYguWP
      L4TL5iiDmpApf4SPsHeE45IhAgFkAgEIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsG
      CSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggIBAG66
      TS5tOFqHzchgNIPhnbAWDIsKC1aiz1N2Z/2JZ55YIg31qqlyhOEd+RQtrspNKp1I
      Rg042/gQyvS0AuPB9qeb79u5fEfctKKwQ31R3HZSxwCOiWo6wqXh18OH16feyPEG
      /ssc2zfrubLW66CpoCRxl1pM2Uh3wGVT9bPE9QCdYPiX1S5u4T9FCtScTjb0BFSm
      9bZ0JBklinroEnHJIbabk8k9XHqDsNN1abhvuuSHzW9J21IdgN7JMy/Aedhd9fYj
      fYl+iBlikpvqGUzVrM7TJYh6dI+sQn46Bn81sU1s/6+eW0CSh7lJGbCj1NNj2XBz
      ObjekKKMQjP8Sck6LoOHW/rfZRGiuF3x+cMRZbmeNwwCiiAwm9u1K98fKoOHMW54
      QIrSrk1SRYsfjIjwXTbAqf8MPvfiZ5noQrKyGohqPTmqv7GX381Lszvm8QEzRl6N
      XInSEOBMctBX7IGirnNvDoJ/q+arjPzKZDxFYu5r6/KlVqzdQjlTE+RdvTxytTZm
      bGc1eQtTC3BkD4Oc0XDv5kf4JUm2iFM9ySweFngEv/2fgASPSEaO076l9bT6Z4R2
      NtOC00qsFLvuaxWcYOTF+rn/anqy54UguA7Hspt2o9+eyx80LGn9sR+8tp9LsgUU
      Z50AZigYIuBmUFu3QEn+EMBGeuuSj7JsWzefn/rd
      -----END CERTIFICATE-----

      ---------- END SOURCE ----------
      (Incident Review ID: 311005)
      ======================================================================

            mullan Sean Mullan
            jssunw Jitender S (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: