-
Bug
-
Resolution: Fixed
-
P4
-
8, 9
-
b94
-
windows
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8148848 | 8u102 | Robert Mckenna | P4 | Resolved | Fixed | b03 |
| JDK-8149290 | 8u101 | Christoph Langer | P4 | Resolved | Fixed | b01 |
| JDK-8145719 | 8u92 | Christoph Langer | P4 | Resolved | Fixed | b07 |
| JDK-8155435 | emb-8u101 | Christoph Langer | P4 | Resolved | Fixed | b01 |
| JDK-8161466 | 7u131 | Ivan Gerasimov | P4 | Resolved | Fixed | b01 |
| JDK-8161634 | 7u121 | Ivan Gerasimov | P4 | Resolved | Fixed | b05 |
| JDK-8163070 | openjdk7u | Christoph Langer | P4 | Resolved | Fixed | master |
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
at sun.security.mscapi.KeyStore.engineGetCertificate(KeyStore.java:313)
at sun.security.mscapi.KeyStore$ROOT.engineGetCertificate(KeyStore.java:60)
at java.security.KeyStore.getCertificate(KeyStore.java:1095)
at WindowsCertificateReaderTest.main(WindowsCertificateReaderTest.java:24)
The issue can be recreated, using e.g. an old IAIK security provider, for instance version 3.15, when you have elliptic curve certificates in the windows keystore. This is the source code:
import iaik.security.provider.IAIK;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Enumeration;
public class WindowsCertificateReaderTest {
public static void main(String[] args) {
System.out.println("Prepending IAIK as security provider.");
IAIK.addAsJDK14Provider();
try {
System.out.print("Loading Windows-ROOT Certificates...");
KeyStore ks = KeyStore.getInstance("Windows-ROOT", "SunMSCAPI");
ks.load(null, null);
System.out.println(" done.");
Enumeration iter = ks.aliases();
while (iter.hasMoreElements()) {
String alias = (String)iter.nextElement();
System.out.print("Reading certificate for alias: " + alias + "...");
ks.getCertificate(alias);
System.out.println(" ok.");
}
} catch (KeyStoreException kse) {
kse.printStackTrace();
} catch (NoSuchProviderException nse) {
nse.printStackTrace();
} catch (NoSuchAlgorithmException nsae) {
nsae.printStackTrace();
} catch (CertificateException ce) {
ce.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace();
}
}
}
The reason is that in method "private void generateCertificate(byte[] data, Collection<Certificate> certCollection)" exceptions are just caught and silently ignored which will lead to the situation that an entry for the certificate alias is added to the certificate collection but no certificate data is associated with it.
- backported by
-
JDK-8145719 sun.security.mscapi.KeyStore might load incomplete data
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- duplicates
-
-
- Closed
-
- relates to
-
-
- Resolved
-