-
Bug
-
Resolution: Fixed
-
P3
-
8, 9
-
b137
-
Verified
When using a CertPathValidator or CertPathBuilder to build or check a certification path, if a PKIXParameters or PKIXBuilderParameters object is made with TrustAnchors using the form:
TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
When CertPathValidator.validate() or CertPathBuilder.build() is called, an NPE is thrown. This happens when OCSP is enabled, it is unknown at this point if OCSP is disabled and a CRL is used to provide validation information.
Sample trace from a CertPathValidator failure:
java.lang.NullPointerException
at sun.security.provider.certpath.OCSPResponse.verify(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.RevocationChecker.checkOCSP(Unknown Source)
at sun.security.provider.certpath.RevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.RevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
and from a CertPathBuilder:
Exception in thread "main" java.lang.NullPointerException
at sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:484)
at sun.security.provider.certpath.OCSP.check(OCSP.java:217)
at sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:749)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:363)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:337)
at sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward(SunCertPathBuilder.java:425)
at sun.security.provider.certpath.SunCertPathBuilder.buildForward(SunCertPathBuilder.java:225)
at sun.security.provider.certpath.SunCertPathBuilder.buildCertPath(SunCertPathBuilder.java:160)
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:131)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at ValWithOcspNullTest.main(ValWithOcspNullTest.java:93)
TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
When CertPathValidator.validate() or CertPathBuilder.build() is called, an NPE is thrown. This happens when OCSP is enabled, it is unknown at this point if OCSP is disabled and a CRL is used to provide validation information.
Sample trace from a CertPathValidator failure:
java.lang.NullPointerException
at sun.security.provider.certpath.OCSPResponse.verify(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.RevocationChecker.checkOCSP(Unknown Source)
at sun.security.provider.certpath.RevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.RevocationChecker.check(Unknown Source)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
and from a CertPathBuilder:
Exception in thread "main" java.lang.NullPointerException
at sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:484)
at sun.security.provider.certpath.OCSP.check(OCSP.java:217)
at sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:749)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:363)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:337)
at sun.security.provider.certpath.SunCertPathBuilder.depthFirstSearchForward(SunCertPathBuilder.java:425)
at sun.security.provider.certpath.SunCertPathBuilder.buildForward(SunCertPathBuilder.java:225)
at sun.security.provider.certpath.SunCertPathBuilder.buildCertPath(SunCertPathBuilder.java:160)
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:131)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at ValWithOcspNullTest.main(ValWithOcspNullTest.java:93)