-
Bug
-
Resolution: Won't Fix
-
P3
-
None
-
6u21
-
x86
-
windows_2008
When a customer application which connects to ActiveDirectory in TLS connection faces with a problem related to X509 certificates.
PROBLEM :
The customer plans to adopt OCSP in Windows Server 2008.
They found some errors when they tried to import OCSP certificates to CertStore of JKS in keytool command.
Also, they found some exception when they tried to view the certificates in java.security.cert.CertificateFactory.generateCertificate().
CONFIGURATION:
OS : Windows Server 2008/Windows Vista Business(Japanese)
JDK : jdk6u21/u22
REPRODUCE :
1. Keytool error
(1) invoke the comand line (ocspcert_der.cer is attached to this CR file)
C:\Users\licensees\ocsp-cert-exception> keytool -import -file ocspcert_der.cer
Input Keystore password :
Input new password again :
Keytool Error : java.lang.Exception: Not X509 certificates
C:\Users\licensees\ocsp-cert-exception> keytool -printcert -file ocspcert_der.cer
keytool error : java.lang.Exception: fails to parse input
NOTE:
The above messages are just translated into English.
So, those might not be different from the actual message in Windows (English).
2. Exception in java.security.cert.CertificateFactory.generateCertificate()
(1) Compile the attached CertView.java and invoke the command line
C:\Users\licensees\ocsp-cert-exception>java CertView ocspcert_der.cer
java.security.cert.CertificateParsingException: java.io.IOException: short read on DerValue buffer
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:154)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1729)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at CertView.<init>(CertView.java:23)
at CertView.main(CertView.java:13)
Caused by: java.io.IOException: short read on DerValue buffer
at sun.security.util.DerValue.getOctetString(DerValue.java:459)
at sun.security.x509.Extension.<init>(Extension.java:73)
at sun.security.x509.CertificateExtensions.init(CertificateExtensions.ja
va:69)
at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.
java:60)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:723)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:152)
... 6 more
NOTE:
This problems don't occur in jdk7b99.
PROBLEM :
The customer plans to adopt OCSP in Windows Server 2008.
They found some errors when they tried to import OCSP certificates to CertStore of JKS in keytool command.
Also, they found some exception when they tried to view the certificates in java.security.cert.CertificateFactory.generateCertificate().
CONFIGURATION:
OS : Windows Server 2008/Windows Vista Business(Japanese)
JDK : jdk6u21/u22
REPRODUCE :
1. Keytool error
(1) invoke the comand line (ocspcert_der.cer is attached to this CR file)
C:\Users\licensees\ocsp-cert-exception> keytool -import -file ocspcert_der.cer
Input Keystore password :
Input new password again :
Keytool Error : java.lang.Exception: Not X509 certificates
C:\Users\licensees\ocsp-cert-exception> keytool -printcert -file ocspcert_der.cer
keytool error : java.lang.Exception: fails to parse input
NOTE:
The above messages are just translated into English.
So, those might not be different from the actual message in Windows (English).
2. Exception in java.security.cert.CertificateFactory.generateCertificate()
(1) Compile the attached CertView.java and invoke the command line
C:\Users\licensees\ocsp-cert-exception>java CertView ocspcert_der.cer
java.security.cert.CertificateParsingException: java.io.IOException: short read on DerValue buffer
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:154)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1729)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at CertView.<init>(CertView.java:23)
at CertView.main(CertView.java:13)
Caused by: java.io.IOException: short read on DerValue buffer
at sun.security.util.DerValue.getOctetString(DerValue.java:459)
at sun.security.x509.Extension.<init>(Extension.java:73)
at sun.security.x509.CertificateExtensions.init(CertificateExtensions.ja
va:69)
at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.
java:60)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:723)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:152)
... 6 more
NOTE:
This problems don't occur in jdk7b99.
- relates to
-
JDK-6804045 DerValue does not accept empty OCTET STRING
-
- Closed
-