JDK-8275822

X509Certificate.get{Subject,Issuer}AlternativeNames and getExtendedKeyUsage do not throw CertificateParsingException if extension is unparseable


    • CSR
    • Resolution: Approved
    • P4
    • 18
    • security-libs
    • None
    • behavioral
    • low
    • An exception will be thrown instead of returning null, but CertificateParsingException is part of the specification and is a checked exception, so code should be prepared to handle it.
    • Java API
    • Implementation

      Summary

      The JDK implementation (as supplied by the SUN provider) of X509Certificate::getSubjectAlternativeNames, X509Certificate::getIssuerAlternativeNames and X509Certificate::getExtendedKeyUsage returns null instead of throwing a CertificateParsingException when the extension is non-critical and unparseable (badly encoded or contains invalid values).

      Problem

      This behavior is not compliant with the specification of these methods.

      Solution

      Change the implementations to throw CertificateParsingException.

      Specification

      N/A. The new behavior is compliant with the specification.
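
One way a caller can handle the new behavior, as an added example that is not code from the JDK or from this issue: a null return is treated as "extension absent", while CertificateParsingException rejects the certificate. The names SanSource, dnsNames, matchesHost and certMatchesHost are hypothetical, the inputs in main are constructed, and matching is exact (no wildcard handling).

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class SanExtraction {
    // Hypothetical seam so the demo runs without a certificate file;
    // X509Certificate::getSubjectAlternativeNames has exactly this shape.
    interface SanSource {
        Collection<List<?>> get() throws CertificateParsingException;
    }

    static final int DNS_NAME = 2; // GeneralName tag for dNSName

    // Empty list only when the extension is absent (getter returned null).
    static List<String> dnsNames(SanSource src) throws CertificateParsingException {
        Collection<List<?>> sans = src.get();
        List<String> out = new ArrayList<>();
        if (sans == null) return out;
        for (List<?> entry : sans) { // each entry: [Integer type, value]
            if (entry.size() >= 2 && Integer.valueOf(DNS_NAME).equals(entry.get(0))
                    && entry.get(1) instanceof String) {
                out.add((String) entry.get(1));
            }
        }
        return out;
    }

    // Fail closed: an unparseable extension rejects the certificate, not "no SANs".
    static boolean matchesHost(SanSource src, String host) {
        try {
            return dnsNames(src).stream().anyMatch(host::equalsIgnoreCase);
        } catch (CertificateParsingException e) {
            return false;
        }
    }

    static boolean certMatchesHost(X509Certificate cert, String host) {
        return matchesHost(cert::getSubjectAlternativeNames, host);
    }

    public static void main(String[] args) {
        SanSource absent = () -> null; // constructed samples, not real certificates
        SanSource valid = () -> List.<List<?>>of(List.of(DNS_NAME, "example.test"));
        SanSource broken = () -> { throw new CertificateParsingException("bad SAN"); };
        for (SanSource s : List.of(absent, valid, broken))
            System.out.println(matchesHost(s, "example.test"));
    }
}
```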

            mullan Sean Mullan
            webbuggrp Webbug Group
            Weijun Wang