- Bug
- Resolution: Fixed
- P3
- 5.0
- b85
- x86
- linux
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux miguel 2.6.12-12mdksmp #1 SMP Fri Sep 9 17:43:23 CEST 2005 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz unknown GNU/Linux
A DESCRIPTION OF THE PROBLEM :
One of the constructors of EncryptedPrivateKeyInfo expects an algorithm name or OID, passed as a string. The constructor accepts OIDs with negative components when the negative value is the last component of the OID. That is, "1.2.3.-4" is accepted, but "1.2.-3.4" is rejected (as it should be). In the first case, calling the method getEncoded() causes an ArrayIndexOutOfBoundsException to be thrown.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call the constructor with a string of the form "1.2.3.-4"
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
It should throw NoSuchAlgorithmException, like
java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier 1.2.3.-4
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:100)
at javax.crypto.EncryptedPrivateKeyInfo.<init>(DashoA12275)
at TestOid.main(TestOid.java:20)
ACTUAL -
No exception is thrown
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.NoSuchAlgorithmException;
import javax.crypto.EncryptedPrivateKeyInfo;

public class TestOid {
    /**
     * Passes two OID strings with a negative component to the constructor
     * and reports whether each one is rejected.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String[] oids = {"1.2.-3.4", "1.2.3.-4"};
        for (String s : oids) {
            EncryptedPrivateKeyInfo epki;
            try {
                epki = new EncryptedPrivateKeyInfo(s, new byte[8]);
                System.out.println(s + " has not been detected as invalid");
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                System.out.println(s + " has been detected as invalid");
            }
        }
    }
}
---------- END SOURCE ----------
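A caller-side guard for the gap described above, as an added example that is not part of the original report or of the JDK fix: it checks every arc of a dotted-decimal OID, including the last one, before the constructor is called. The class `StrictOidCheck`, the methods `isValidOid` and `create`, and the sample strings are hypothetical, and the wrapper assumes callers pass OID strings rather than algorithm names.

```java
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import javax.crypto.EncryptedPrivateKeyInfo;

public class StrictOidCheck {
    private static final BigInteger TWO = BigInteger.valueOf(2);
    private static final BigInteger MAX_SECOND_ARC = BigInteger.valueOf(39);

    /** True only for a dotted-decimal OID whose every arc is a non-negative integer. */
    static boolean isValidOid(String s) {
        if (s == null) return false;
        String[] arcs = s.split("\\.", -1); // limit -1 keeps empty arcs ("1.2." or "1..2")
        if (arcs.length < 2) return false;
        for (String arc : arcs) {
            // Digits only, checked at every position including the last:
            // rejects "-4", "+4", "" and embedded whitespace.
            if (!arc.matches("[0-9]+")) return false;
        }
        BigInteger first = new BigInteger(arcs[0]);
        if (first.compareTo(TWO) > 0) return false; // root arc is 0, 1 or 2
        // Under root arcs 0 and 1 the second arc is limited to 0..39.
        return first.equals(TWO) || new BigInteger(arcs[1]).compareTo(MAX_SECOND_ARC) <= 0;
    }

    /** Hypothetical wrapper: validate the OID before the constructor ever sees it. */
    static EncryptedPrivateKeyInfo create(String oid, byte[] encryptedData)
            throws NoSuchAlgorithmException {
        if (!isValidOid(oid)) {
            throw new NoSuchAlgorithmException("Invalid ObjectIdentifier " + oid);
        }
        return new EncryptedPrivateKeyInfo(oid, encryptedData);
    }

    public static void main(String[] args) {
        // Constructed samples: the two strings from the report, other malformed forms,
        // and one well-formed OID (PKCS #5 pbeWithMD5AndDES-CBC).
        String[] samples = {"1.2.-3.4", "1.2.3.-4", "1.2.3.", "1", "3.1", "1.40",
                            "1.2.840.113549.1.5.3"};
        for (String s : samples) {
            try {
                create(s, new byte[8]);
                System.out.println(s + " accepted");
            } catch (NoSuchAlgorithmException e) {
                System.out.println(s + " rejected: " + e.getMessage());
            }
        }
    }
}
```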
- relates to
  - JDK-6418433 org.ietf.jgss.Oid constructor accepts invalid values (and rejects valid values) - Resolved
  - JDK-6418425 javax.crypto.EncryptedPrivateKeyInfo constructor throws NumberFormatException - Resolved