JDK-8175029

StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)

Details

    • Bug
    • Resolution: Fixed
    • P2
    • 10
    • 8
    • security-libs
    • None

      Description

        X509Certificate.verify(PublicKey, Provider) was added in JDK-7026347.
        Probably almost everyone uses the implementation in subclass X509CertImpl but a default implementation is provided in the base class.

        The default implementation X509Certificate.verify(key, provider) calls X509CertImpl.verify(this, key, provider), which in turn calls cert.verify(key, provider), with resultant infinite recursion. To demonstrate, any subclass of X509Certificate that does not override verify will do:

        import java.math.BigInteger;
        import java.security.Principal;
        import java.security.Provider;
        import java.security.PublicKey;
        import java.security.cert.X509Certificate;
        import java.util.Date;
        import java.util.Set;

        public class X509Bug {
            static class StubX509Certificate extends X509Certificate {
                static final UnsupportedOperationException uoe
                    = new UnsupportedOperationException("Stub!");
                public Set<String> getCriticalExtensionOIDs() { throw uoe; }
                public byte[] getExtensionValue(String oid) { throw uoe; }
                public Set<String> getNonCriticalExtensionOIDs() { throw uoe; }
                public boolean hasUnsupportedCriticalExtension() { throw uoe; }
                public void checkValidity() { throw uoe; }
                public void checkValidity(Date date) { throw uoe; }
                public int getVersion() { throw uoe; }
                public BigInteger getSerialNumber() { throw uoe; }
                public Principal getIssuerDN() { throw uoe; }
                public Principal getSubjectDN() { throw uoe; }
                public Date getNotBefore() { throw uoe; }
                public Date getNotAfter() { throw uoe; }
                public byte[] getTBSCertificate() { throw uoe; }
                public byte[] getSignature() { throw uoe; }
                public String getSigAlgName() { throw uoe; }
                public String getSigAlgOID() { throw uoe; }
                public byte[] getSigAlgParams() { throw uoe; }
                public boolean[] getIssuerUniqueID() { throw uoe; }
                public boolean[] getSubjectUniqueID() { throw uoe; }
                public boolean[] getKeyUsage() { throw uoe; }
                public int getBasicConstraints() { throw uoe; }
                public byte[] getEncoded() { throw uoe; }
                public void verify(PublicKey key) { throw uoe; }
                public void verify(PublicKey key, String sigProvider) { throw uoe; }
                public String toString() { throw uoe; }
                public PublicKey getPublicKey() { throw uoe; }
            }

            public static void main(String[] args) throws Exception {
                new StubX509Certificate().verify(null, (Provider) null);
            }
        }

        $ java X509Bug |& head -5
        Exception in thread "main" java.lang.StackOverflowError
            at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:506)
            at java.base/java.security.cert.X509Certificate.verify(X509Certificate.java:676)
            at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:506)
            at java.base/java.security.cert.X509Certificate.verify(X509Certificate.java:676)
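
A caller-side guard for code that may be handed X509Certificate subclasses relying on the base-class default described above. This is an added example, not part of the original report and not the JDK's fix; `SafeX509Verify` and its method names are hypothetical. It assumes a signature algorithm without parameters and a non-empty default trust store for the sample input.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SafeX509Verify {   // hypothetical helper, not JDK code
    // True when the runtime class inherits verify(PublicKey, Provider) from
    // X509Certificate, i.e. it would run the default implementation at issue.
    static boolean inheritsProviderVerify(X509Certificate cert) throws NoSuchMethodException {
        return cert.getClass().getMethod("verify", PublicKey.class, Provider.class)
                   .getDeclaringClass() == X509Certificate.class;
    }

    // Checks the signature through the abstract accessors only, so the base-class
    // default is never entered. Assumption: no algorithm parameters (no RSASSA-PSS).
    static void verify(X509Certificate cert, PublicKey key, Provider provider)
            throws GeneralSecurityException, NoSuchMethodException {
        if (!inheritsProviderVerify(cert)) {
            cert.verify(key, provider);          // subclass supplies its own implementation
            return;
        }
        String alg = cert.getSigAlgName();
        Signature sig = (provider == null)
            ? Signature.getInstance(alg) : Signature.getInstance(alg, provider);
        sig.initVerify(key);
        sig.update(cert.getTBSCertificate());
        if (!sig.verify(cert.getSignature())) {
            throw new SignatureException("Signature does not match.");
        }
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the first self-signed root in the runtime's default trust store.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        X509Certificate root = Arrays.stream(tm.getAcceptedIssuers())
            .filter(c -> c.getSubjectX500Principal().equals(c.getIssuerX500Principal()))
            .findFirst().get();
        Provider provider = Signature.getInstance(root.getSigAlgName()).getProvider();
        System.out.println("inherits default verify: " + inheritsProviderVerify(root));
        verify(root, root.getPublicKey(), provider);
        System.out.println("signature verified with " + provider.getName());
    }
}
```

The reflective lookup only reads the declaring class and never invokes the method, so it is safe to run against a class that would otherwise recurse.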

              People

                mullan Sean Mullan
                martin Martin Buchholz