-
Bug
-
Resolution: Fixed
-
P3
-
7
-
b140
-
generic
-
generic
-
Not verified
Here is the steps to reproduce this issue with simplified code:
nc150145@jck-win1: /net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/CertPathBuilderTest $ cd
nc150145@jck-win1: ~ $ cd /net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/CertPathBuilderTest
nc150145@jck-win1: /net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/CertPathBuilderTest $ /net/bonsai.sfbay/w/builds/jdk/7/pit/b62/linux-i586/jdk1.7.0/bin/java -Djava.security.debug=certpath CertPathBuilderTest > log 2>&1
(The test files above have also been attached)
Contents of log file:
certpath: SunCertPathBuilder.engineBuild([
[
Trust Anchors: [[
Trusted CA cert: [
[
Version: V3
Subject: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 102391465275516912515563344486897643382501239620727094556425568251165876499366868672228779562455879074900749139652718414771482522558763730199427986645279821876687173212631326484084739663485019004874099200404174025518597704524859078666183130082346730033312332727183071944363575576029991275390212601756167201041
public exponent: 65537
Validity: [From: Fri May 27 07:57:20 PDT 2005,
To: Wed Aug 19 07:57:20 PDT 2015]
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
SerialNumber: [ 01]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D6 42 7A 0E A3 07 B0 FC 23 93 B4 4D 9C F6 8B 22 .Bz.....#..M..."
0010: C8 0F 89 40 ...@
]
]
[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 64 1F CB 0F D1 43 AF 0F A7 07 F7 2B 16 C9 BA 49 d....C.....+...I
0010: D8 E6 23 42 79 76 ED 36 56 B6 A3 C2 75 91 42 88 ..#Byv.6V...u.B.
0020: 76 C7 5A 29 E1 EE 0B DC 9C 24 E6 B5 04 F4 E0 91 v.Z).....$......
0030: EC C4 79 85 1E 8A 59 ED 92 5B B3 74 16 BB A4 95 ..y...Y..[.t....
0040: DE 95 61 64 26 E6 41 EE 9B 84 6F 7D 74 85 53 C0 ..ad&.A...o.t.S.
0050: 67 FF 2A 8B FA AD 8A 45 9C 32 7E 63 34 17 DC 89 g.*....E.2.c4...
0060: D5 76 B7 27 56 5F 1A CC D2 C9 79 4F 52 0A 42 B8 .v.'V_....yOR.B.
0070: AF 7C 13 43 57 92 53 D2 BC 8A 50 0E 02 72 27 9E ...CW.S...P..r'.
]
]
Initial Policy OIDs: any
Validity Date: null
Signature Provider: null
Default Revocation Enabled: true
Explicit Policy Required: false
Policy Mapping Inhibited: false
Any Policy Inhibited: false
Policy Qualifiers Rejected: true
Target Cert Constraints: X509CertSelector: [
Certificate: [
[
Version: V3
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 139485484259931312516558345506821078592151471346206541571813337285964821607575479473483893979967518662324063162436502476569672163661426180040563179700700363523853663568592534882919635297859277019768818638633799785871215311978897795119777412529784691652591105290326142317468815373794875687792061697615535443343
public exponent: 65537
Validity: [From: Fri May 27 07:57:20 PDT 2005,
To: Wed Aug 19 07:57:20 PDT 2015]
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8E E6 88 2D A1 8E D9 42 1B 79 97 2D BE 6D 70 59 ...-...B.y.-.mpY
0010: 49 95 FF A7 I...
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 C6 CC A1 F6 0C 27 6C F6 FF 88 42 FB 9A B1 5A (.....'l...B...Z
0010: 3E 9F 00 D8 >...
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: ###@###.###
]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.101.3.2.1.48.1]
[] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 83 EA EF F6 BF 17 36 F6 55 9B BF 6A 42 6E E2 E3 ......6.U..jBn..
0010: 67 8B F7 FF CC 88 1B 2D 9C 29 03 42 E0 5D F0 2E g......-.).B.]..
0020: 6A 6D 30 B6 F4 3F C2 C5 78 E1 97 93 55 49 34 F5 jm0..?..x...UI4.
0030: F4 37 58 C5 86 9C 1C A9 35 68 57 D8 AF AA B9 F5 .7X.....5hW.....
0040: BC E9 CC EE CC 76 F1 F2 70 1A 0F C5 95 42 3F D6 .....v..p....B?.
0050: 98 B7 73 7E CE 6B 52 0E 58 BA D2 79 BB 9D E2 78 ..s..kR.X..y...x
0060: 6B F9 A7 08 B3 E1 3A 82 10 08 A1 E1 5E 7A AA 0B k.....:.....^z..
0070: FD 41 4A 9E AF 47 37 51 2F DB F5 6C 17 51 1A 1B .AJ..G7Q/..l.Q..
]
matchAllSubjectAltNames flag: true
]
Certification Path Checkers: [[]]
CertStores: [[java.security.cert.CertStore@3ecfff]]
] Maximum Path Length: 5
]
)
certpath: SunCertPathBuilder.buildForward()...
certpath: SunCertPathBuilder.depthFirstSearchForward(CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US, State [
issuerDN of last cert: null
traversedCACerts: 0
init: true
keyParamsNeeded: false
subjectNamesTraversed:
[]]
)
certpath: ForwardBuilder.getMatchingCerts()...
certpath: ForwardBuilder.getMatchingEECerts()...
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: Builder.addMatchingCerts: adding target cert
certpath: ForwardBuilder.getMatchingCACerts()...
certpath: ForwardBuilder.getMatchingCACerts(): ca is target
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US)
certpath: X509CertSelector.match: certs don't match
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US)
certpath: X509CertSelector.match: maxPathLen too small (-1 < 0)
certpath: ForwardBuilder.getMatchingCACerts: found 0 CA certs
certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=1
certpath: ForwardBuilder.verifyCert(SN: 01
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US)
certpath: SunCertPathBuilder.depthFirstSearchForward(CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US, State [
issuerDN of last cert: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
traversedCACerts: 0
init: false
keyParamsNeeded: false
subjectNamesTraversed:
[RFC822Name: ###@###.###, CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US]]
)
certpath: ForwardBuilder.getMatchingCerts()...
certpath: ForwardBuilder.getMatchingCACerts()...
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US)
certpath: X509CertSelector.match: subject DNs don't match
certpath: LDAPCertStore.engineGetCertificates() selector: X509CertSelector: [
Subject: CN=Basic Directory Trust Anchor SubCA3,O=Test Certificates,C=US
matchAllSubjectAltNames flag: true
Certificate Valid: Tue Sep 15 20:15:45 PDT 2009
Path to names:
RFC822Name: ###@###.###
CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
]
certpath: LDAPCertStore.engineGetCertificates() basicConstraints: 0
certpath: LDAPCertStore.engineGetCertificates() subject is not null
certpath: X509CertSelector.match(SN: 6
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: X509CertSelector.match(SN: 7
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: LDAPCertStore.engineGetCertificates() after getMatchingCrossCerts(subject,xsel,null),certs.size(): 2
certpath: X509CertSelector.match(SN: 6
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: X509CertSelector.match(SN: 7
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: LDAPCertStore.engineGetCertificates() after getCertificates(subject,CA_CERT,xsel),certs.size(): 2
certpath: LDAPCertStore.engineGetCertificates() about to getMatchingCrossCerts...
certpath: LDAPCertStore.engineGetCertificates() returning certs
certpath: PKIXCertComparator.compare() o1 Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
certpath: PKIXCertComparator.compare() o2 Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
certpath: PKIXCertComparator.compare() MATCH TRUSTED SUBJECT TEST...
certpath: PKIXCertComparator.compare() m1: true
certpath: PKIXCertComparator.compare() m2: true
certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=2
certpath: ForwardBuilder.verifyCert(SN: 07
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US)
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: policyMappingFound = false
certpath: KeyChecker.verifyCAKeyUsage() ---checking CA key usage...
certpath: KeyChecker.verifyCAKeyUsage() CA key usage verified.
certpath: CrlRevocationChecker.verifyRevocationStatus() ---checking revocation status...
certpath: LDAPCertStore.engineGetCRLs() selector: X509CRLSelector: [
dateAndTime: Tue Sep 15 20:15:45 PDT 2009
Certificate being checked: [
[
Version: V3
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 139485484259931312516558345506821078592151471346206541571813337285964821607575479473483893979967518662324063162436502476569672163661426180040563179700700363523853663568592534882919635297859277019768818638633799785871215311978897795119777412529784691652591105290326142317468815373794875687792061697615535443343
public exponent: 65537
Validity: [From: Fri May 27 07:57:20 PDT 2005,
To: Wed Aug 19 07:57:20 PDT 2015]
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8E E6 88 2D A1 8E D9 42 1B 79 97 2D BE 6D 70 59 ...-...B.y.-.mpY
0010: 49 95 FF A7 I...
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 C6 CC A1 F6 0C 27 6C F6 FF 88 42 FB 9A B1 5A (.....'l...B...Z
0010: 3E 9F 00 D8 >...
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: ###@###.###
]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.101.3.2.1.48.1]
[] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 83 EA EF F6 BF 17 36 F6 55 9B BF 6A 42 6E E2 E3 ......6.U..jBn..
0010: 67 8B F7 FF CC 88 1B 2D 9C 29 03 42 E0 5D F0 2E g......-.).B.]..
0020: 6A 6D 30 B6 F4 3F C2 C5 78 E1 97 93 55 49 34 F5 jm0..?..x...UI4.
0030: F4 37 58 C5 86 9C 1C A9 35 68 57 D8 AF AA B9 F5 .7X.....5hW.....
0040: BC E9 CC EE CC 76 F1 F2 70 1A 0F C5 95 42 3F D6 .....v..p....B?.
0050: 98 B7 73 7E CE 6B 52 0E 58 BA D2 79 BB 9D E2 78 ..s..kR.X..y...x
0060: 6B F9 A7 08 B3 E1 3A 82 10 08 A1 E1 5E 7A AA 0B k.....:.....^z..
0070: FD 41 4A 9E AF 47 37 51 2F DB F5 6C 17 51 1A 1B .AJ..G7Q/..l.Q..
]
]
certpath: CrlRevocationChecker.verifyRevocationStatus() crls.size() = 1
certpath: CRLRevocationChecker.verifyPossibleCRLs: Checking CRLDPs for CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
certpath: Exception while verifying CRL: all elements of set must be of type java.security.cert.TrustAnchor
java.lang.ClassCastException: all elements of set must be of type java.security.cert.TrustAnchor
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:205)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at sun.security.provider.certpath.DistributionPointFetcher.verifyCRL(DistributionPointFetcher.java:547)
at sun.security.provider.certpath.CrlRevocationChecker.verifyPossibleCRLs(CrlRevocationChecker.java:747)
at sun.security.provider.certpath.CrlRevocationChecker.verifyRevocationStatus(CrlRevocationChecker.java:311)
at sun.security.provider.certpath.CrlRevocationChecker.verifyRevocationStatus(CrlRevocationChecker.java:239)
at sun.security.provider.certpath.CrlRevocationChecker.check(CrlRevocationChecker.java:210)
at sun.security.provider.certpath.ForwardBuilder.verifyCert(ForwardBuilder.java:783)
at sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward(SunCertPathBuilder.java:409)
at sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward(SunCertPathBuilder.java:620)
at sun.security.provider.certpath.SunCertPathBuilder.buildForward(SunCertPathBuilder.java:346)
at sun.security.provider.certpath.SunCertPathBuilder.buildCertPath(SunCertPathBuilder.java:211)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:180)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
at CertPathBuilderTest.main(CertPathBuilderTest.java:39)
certpath: CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 0
certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() ---checking revocation status...
...
nc150145@jck-win1: /net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/CertPathBuilderTest $ cd
nc150145@jck-win1: ~ $ cd /net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/CertPathBuilderTest
nc150145@jck-win1: /net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/CertPathBuilderTest $ /net/bonsai.sfbay/w/builds/jdk/7/pit/b62/linux-i586/jdk1.7.0/bin/java -Djava.security.debug=certpath CertPathBuilderTest > log 2>&1
(The test files above have also been attached)
Contents of log file:
certpath: SunCertPathBuilder.engineBuild([
[
Trust Anchors: [[
Trusted CA cert: [
[
Version: V3
Subject: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 102391465275516912515563344486897643382501239620727094556425568251165876499366868672228779562455879074900749139652718414771482522558763730199427986645279821876687173212631326484084739663485019004874099200404174025518597704524859078666183130082346730033312332727183071944363575576029991275390212601756167201041
public exponent: 65537
Validity: [From: Fri May 27 07:57:20 PDT 2005,
To: Wed Aug 19 07:57:20 PDT 2015]
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
SerialNumber: [ 01]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D6 42 7A 0E A3 07 B0 FC 23 93 B4 4D 9C F6 8B 22 .Bz.....#..M..."
0010: C8 0F 89 40 ...@
]
]
[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 64 1F CB 0F D1 43 AF 0F A7 07 F7 2B 16 C9 BA 49 d....C.....+...I
0010: D8 E6 23 42 79 76 ED 36 56 B6 A3 C2 75 91 42 88 ..#Byv.6V...u.B.
0020: 76 C7 5A 29 E1 EE 0B DC 9C 24 E6 B5 04 F4 E0 91 v.Z).....$......
0030: EC C4 79 85 1E 8A 59 ED 92 5B B3 74 16 BB A4 95 ..y...Y..[.t....
0040: DE 95 61 64 26 E6 41 EE 9B 84 6F 7D 74 85 53 C0 ..ad&.A...o.t.S.
0050: 67 FF 2A 8B FA AD 8A 45 9C 32 7E 63 34 17 DC 89 g.*....E.2.c4...
0060: D5 76 B7 27 56 5F 1A CC D2 C9 79 4F 52 0A 42 B8 .v.'V_....yOR.B.
0070: AF 7C 13 43 57 92 53 D2 BC 8A 50 0E 02 72 27 9E ...CW.S...P..r'.
]
]
Initial Policy OIDs: any
Validity Date: null
Signature Provider: null
Default Revocation Enabled: true
Explicit Policy Required: false
Policy Mapping Inhibited: false
Any Policy Inhibited: false
Policy Qualifiers Rejected: true
Target Cert Constraints: X509CertSelector: [
Certificate: [
[
Version: V3
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 139485484259931312516558345506821078592151471346206541571813337285964821607575479473483893979967518662324063162436502476569672163661426180040563179700700363523853663568592534882919635297859277019768818638633799785871215311978897795119777412529784691652591105290326142317468815373794875687792061697615535443343
public exponent: 65537
Validity: [From: Fri May 27 07:57:20 PDT 2005,
To: Wed Aug 19 07:57:20 PDT 2015]
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8E E6 88 2D A1 8E D9 42 1B 79 97 2D BE 6D 70 59 ...-...B.y.-.mpY
0010: 49 95 FF A7 I...
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 C6 CC A1 F6 0C 27 6C F6 FF 88 42 FB 9A B1 5A (.....'l...B...Z
0010: 3E 9F 00 D8 >...
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: ###@###.###
]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.101.3.2.1.48.1]
[] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 83 EA EF F6 BF 17 36 F6 55 9B BF 6A 42 6E E2 E3 ......6.U..jBn..
0010: 67 8B F7 FF CC 88 1B 2D 9C 29 03 42 E0 5D F0 2E g......-.).B.]..
0020: 6A 6D 30 B6 F4 3F C2 C5 78 E1 97 93 55 49 34 F5 jm0..?..x...UI4.
0030: F4 37 58 C5 86 9C 1C A9 35 68 57 D8 AF AA B9 F5 .7X.....5hW.....
0040: BC E9 CC EE CC 76 F1 F2 70 1A 0F C5 95 42 3F D6 .....v..p....B?.
0050: 98 B7 73 7E CE 6B 52 0E 58 BA D2 79 BB 9D E2 78 ..s..kR.X..y...x
0060: 6B F9 A7 08 B3 E1 3A 82 10 08 A1 E1 5E 7A AA 0B k.....:.....^z..
0070: FD 41 4A 9E AF 47 37 51 2F DB F5 6C 17 51 1A 1B .AJ..G7Q/..l.Q..
]
matchAllSubjectAltNames flag: true
]
Certification Path Checkers: [[]]
CertStores: [[java.security.cert.CertStore@3ecfff]]
] Maximum Path Length: 5
]
)
certpath: SunCertPathBuilder.buildForward()...
certpath: SunCertPathBuilder.depthFirstSearchForward(CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US, State [
issuerDN of last cert: null
traversedCACerts: 0
init: true
keyParamsNeeded: false
subjectNamesTraversed:
[]]
)
certpath: ForwardBuilder.getMatchingCerts()...
certpath: ForwardBuilder.getMatchingEECerts()...
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: Builder.addMatchingCerts: adding target cert
certpath: ForwardBuilder.getMatchingCACerts()...
certpath: ForwardBuilder.getMatchingCACerts(): ca is target
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US)
certpath: X509CertSelector.match: certs don't match
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US)
certpath: X509CertSelector.match: maxPathLen too small (-1 < 0)
certpath: ForwardBuilder.getMatchingCACerts: found 0 CA certs
certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=1
certpath: ForwardBuilder.verifyCert(SN: 01
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US)
certpath: SunCertPathBuilder.depthFirstSearchForward(CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US, State [
issuerDN of last cert: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
traversedCACerts: 0
init: false
keyParamsNeeded: false
subjectNamesTraversed:
[RFC822Name: ###@###.###, CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US]]
)
certpath: ForwardBuilder.getMatchingCerts()...
certpath: ForwardBuilder.getMatchingCACerts()...
certpath: X509CertSelector.match(SN: 1
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US)
certpath: X509CertSelector.match: subject DNs don't match
certpath: LDAPCertStore.engineGetCertificates() selector: X509CertSelector: [
Subject: CN=Basic Directory Trust Anchor SubCA3,O=Test Certificates,C=US
matchAllSubjectAltNames flag: true
Certificate Valid: Tue Sep 15 20:15:45 PDT 2009
Path to names:
RFC822Name: ###@###.###
CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
]
certpath: LDAPCertStore.engineGetCertificates() basicConstraints: 0
certpath: LDAPCertStore.engineGetCertificates() subject is not null
certpath: X509CertSelector.match(SN: 6
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: X509CertSelector.match(SN: 7
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: LDAPCertStore.engineGetCertificates() after getMatchingCrossCerts(subject,xsel,null),certs.size(): 2
certpath: X509CertSelector.match(SN: 6
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: X509CertSelector.match(SN: 7
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: X509CertSelector.match returning: true
certpath: LDAPCertStore.engineGetCertificates() after getCertificates(subject,CA_CERT,xsel),certs.size(): 2
certpath: LDAPCertStore.engineGetCertificates() about to getMatchingCrossCerts...
certpath: LDAPCertStore.engineGetCertificates() returning certs
certpath: PKIXCertComparator.compare() o1 Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
certpath: PKIXCertComparator.compare() o2 Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US
certpath: PKIXCertComparator.compare() MATCH TRUSTED SUBJECT TEST...
certpath: PKIXCertComparator.compare() m1: true
certpath: PKIXCertComparator.compare() m2: true
certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=2
certpath: ForwardBuilder.verifyCert(SN: 07
Issuer: CN=Basic Directory Trust Anchor, O=Test Certificates, C=US)
Subject: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US)
certpath: policyMappingFound = false
certpath: KeyChecker.verifyCAKeyUsage() ---checking CA key usage...
certpath: KeyChecker.verifyCAKeyUsage() CA key usage verified.
certpath: CrlRevocationChecker.verifyRevocationStatus() ---checking revocation status...
certpath: LDAPCertStore.engineGetCRLs() selector: X509CRLSelector: [
dateAndTime: Tue Sep 15 20:15:45 PDT 2009
Certificate being checked: [
[
Version: V3
Subject: CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 139485484259931312516558345506821078592151471346206541571813337285964821607575479473483893979967518662324063162436502476569672163661426180040563179700700363523853663568592534882919635297859277019768818638633799785871215311978897795119777412529784691652591105290326142317468815373794875687792061697615535443343
public exponent: 65537
Validity: [From: Fri May 27 07:57:20 PDT 2005,
To: Wed Aug 19 07:57:20 PDT 2015]
Issuer: CN=Basic Directory Trust Anchor SubCA3, O=Test Certificates, C=US
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8E E6 88 2D A1 8E D9 42 1B 79 97 2D BE 6D 70 59 ...-...B.y.-.mpY
0010: 49 95 FF A7 I...
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 C6 CC A1 F6 0C 27 6C F6 FF 88 42 FB 9A B1 5A (.....'l...B...Z
0010: 3E 9F 00 D8 >...
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: ###@###.###
]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.101.3.2.1.48.1]
[] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 83 EA EF F6 BF 17 36 F6 55 9B BF 6A 42 6E E2 E3 ......6.U..jBn..
0010: 67 8B F7 FF CC 88 1B 2D 9C 29 03 42 E0 5D F0 2E g......-.).B.]..
0020: 6A 6D 30 B6 F4 3F C2 C5 78 E1 97 93 55 49 34 F5 jm0..?..x...UI4.
0030: F4 37 58 C5 86 9C 1C A9 35 68 57 D8 AF AA B9 F5 .7X.....5hW.....
0040: BC E9 CC EE CC 76 F1 F2 70 1A 0F C5 95 42 3F D6 .....v..p....B?.
0050: 98 B7 73 7E CE 6B 52 0E 58 BA D2 79 BB 9D E2 78 ..s..kR.X..y...x
0060: 6B F9 A7 08 B3 E1 3A 82 10 08 A1 E1 5E 7A AA 0B k.....:.....^z..
0070: FD 41 4A 9E AF 47 37 51 2F DB F5 6C 17 51 1A 1B .AJ..G7Q/..l.Q..
]
]
certpath: CrlRevocationChecker.verifyRevocationStatus() crls.size() = 1
certpath: CRLRevocationChecker.verifyPossibleCRLs: Checking CRLDPs for CN=Rudimentary Directory Path Discovery EE Certificate Test3, O=Test Certificates, C=US
certpath: Exception while verifying CRL: all elements of set must be of type java.security.cert.TrustAnchor
java.lang.ClassCastException: all elements of set must be of type java.security.cert.TrustAnchor
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:205)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at sun.security.provider.certpath.DistributionPointFetcher.verifyCRL(DistributionPointFetcher.java:547)
at sun.security.provider.certpath.CrlRevocationChecker.verifyPossibleCRLs(CrlRevocationChecker.java:747)
at sun.security.provider.certpath.CrlRevocationChecker.verifyRevocationStatus(CrlRevocationChecker.java:311)
at sun.security.provider.certpath.CrlRevocationChecker.verifyRevocationStatus(CrlRevocationChecker.java:239)
at sun.security.provider.certpath.CrlRevocationChecker.check(CrlRevocationChecker.java:210)
at sun.security.provider.certpath.ForwardBuilder.verifyCert(ForwardBuilder.java:783)
at sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward(SunCertPathBuilder.java:409)
at sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward(SunCertPathBuilder.java:620)
at sun.security.provider.certpath.SunCertPathBuilder.buildForward(SunCertPathBuilder.java:346)
at sun.security.provider.certpath.SunCertPathBuilder.buildCertPath(SunCertPathBuilder.java:211)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:180)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
at CertPathBuilderTest.main(CertPathBuilderTest.java:39)
certpath: CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 0
certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() ---checking revocation status...
...