JDK-8175029

StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)


    • Type: Bug
    • Resolution: Fixed
    • Priority: P2
    • 10
    • 8
    • security-libs
    • None

        X509Certificate.verify(PublicKey, Provider) was added in JDK-7026347.
        Probably almost everyone uses the implementation in subclass X509CertImpl but a default implementation is provided in the base class.

        The default implementation X509Certificate.verify(key, provider) calls X509CertImpl.verify(this, key, provider), which in turn calls cert.verify(key, provider), resulting in infinite recursion. To demonstrate, any subclass of X509Certificate that does not override verify will do:

        import java.math.BigInteger;
        import java.security.Principal;
        import java.security.Provider;
        import java.security.PublicKey;
        import java.security.cert.X509Certificate;
        import java.util.Date;
        import java.util.Set;

        public class X509Bug {
            static class StubX509Certificate extends X509Certificate {
                static final UnsupportedOperationException uoe
                    = new UnsupportedOperationException("Stub!");
                public Set<String> getCriticalExtensionOIDs() { throw uoe; }
                public byte[] getExtensionValue(String oid) { throw uoe; }
                public Set<String> getNonCriticalExtensionOIDs() { throw uoe; }
                public boolean hasUnsupportedCriticalExtension() { throw uoe; }
                public void checkValidity() { throw uoe; }
                public void checkValidity(Date date) { throw uoe; }
                public int getVersion() { throw uoe; }
                public BigInteger getSerialNumber() { throw uoe; }
                public Principal getIssuerDN() { throw uoe; }
                public Principal getSubjectDN() { throw uoe; }
                public Date getNotBefore() { throw uoe; }
                public Date getNotAfter() { throw uoe; }
                public byte[] getTBSCertificate() { throw uoe; }
                public byte[] getSignature() { throw uoe; }
                public String getSigAlgName() { throw uoe; }
                public String getSigAlgOID() { throw uoe; }
                public byte[] getSigAlgParams() { throw uoe; }
                public boolean[] getIssuerUniqueID() { throw uoe; }
                public boolean[] getSubjectUniqueID() { throw uoe; }
                public boolean[] getKeyUsage() { throw uoe; }
                public int getBasicConstraints() { throw uoe; }
                public byte[] getEncoded() { throw uoe; }
                public void verify(PublicKey key) { throw uoe; }
                public void verify(PublicKey key, String sigProvider) { throw uoe; }
                public String toString() { throw uoe; }
                public PublicKey getPublicKey() { throw uoe; }
            }

            public static void main(String[] args) throws Exception {
                new StubX509Certificate().verify(null, (Provider) null);
            }
        }

         $ java X509Bug |& head -5
        Exception in thread "main" java.lang.StackOverflowError
        at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:506)
        at java.base/java.security.cert.X509Certificate.verify(X509Certificate.java:676)
        at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:506)
        at java.base/java.security.cert.X509Certificate.verify(X509Certificate.java:676)

              mullan Sean Mullan
              martin Martin Buchholz
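
A guard for callers that receive X509Certificate objects of unknown implementation, added here as an example (not code from the JDK or from this issue): it uses reflection to tell whether verify(PublicKey, Provider) is overridden, and otherwise checks the signature over the TBS bytes directly instead of entering the inherited default. SafeProviderVerify, overridesProviderVerify, InheritsDefault and OverridesIt are hypothetical names, and the direct Signature check is an assumed fallback.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;

public class SafeProviderVerify {
    // True when cls (or a superclass below X509Certificate) overrides
    // verify(PublicKey, Provider) instead of inheriting the base-class default.
    static boolean overridesProviderVerify(Class<? extends X509Certificate> cls)
            throws NoSuchMethodException {
        return cls.getMethod("verify", PublicKey.class, Provider.class)
                  .getDeclaringClass() != X509Certificate.class;
    }

    // Hypothetical helper: never enters the inherited default implementation.
    static void verify(X509Certificate cert, PublicKey key, Provider provider)
            throws GeneralSecurityException, NoSuchMethodException {
        if (overridesProviderVerify(cert.getClass())) {
            cert.verify(key, provider);   // the subclass supplies its own logic
            return;
        }
        // Assumed fallback: check the signature over the TBS bytes directly.
        // Signature parameters (e.g. RSASSA-PSS) are not applied here.
        Signature sig = (provider == null)
                ? Signature.getInstance(cert.getSigAlgName())
                : Signature.getInstance(cert.getSigAlgName(), provider);
        sig.initVerify(key);
        sig.update(cert.getTBSCertificate());
        if (!sig.verify(cert.getSignature())) {
            throw new SignatureException("Signature does not match.");
        }
    }

    // Constructed sample classes; abstract, so no stub methods are needed.
    abstract static class InheritsDefault extends X509Certificate { }
    abstract static class OverridesIt extends X509Certificate {
        @Override public void verify(PublicKey key, Provider provider) { }
    }

    public static void main(String[] args) throws Exception {
        // Report which sample class would reach the base-class default.
        System.out.println(overridesProviderVerify(InheritsDefault.class));
        System.out.println(overridesProviderVerify(OverridesIt.class));
    }
}
```

The check is conservative: it reports any class that inherits the default, whether or not the running JDK still recurses there.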