Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8283082

sun.security.x509.X509CertImpl.delete("x509.info.validity") nulls out info field

XMLWordPrintable

    • b06
    • generic
    • generic
    • Not verified

      A DESCRIPTION OF THE PROBLEM :
      sun.security.x509.X509CertImpl.delete("x509.info.validity") nulls out info field instead of calling info.delete("validity").

      Look at the lines 744-748, https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/x509/X509CertImpl.java#L744

                  if (attr.getSuffix() != null) {
                      info = null;
                  } else {
                      info.delete(attr.getSuffix());
                  }

      It seems like the if condition should be negated (or "if" branches swapped) in order to do the right thing.

      I understand the client is not normally expected to call this code, because X509CertImpl instance is supposed to remain read-only once initialized from the certificate content.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Initialize X509CertImpl by calling:

      X509CertImpl x509CertImpl = (X509CertImpl) CertificateFactory.getInstance("X.509").generateCertificate(<certficate-input-stream>);

      disable readOnly flag with:

      Field readOnlyField = X509CertImpl.class.getDeclaredField("readOnly");
      readOnlyField.setAccessible(true);
      readOnlyField.set(x509CertImpl, false);

      then execute:

      x509CertImpl.delete(X509CertImpl.NAME + "." + X509CertImpl.INFO + "." + X509CertInfo.VALIDITY);

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      I expect that "validity" field gets "deleted", i.e. null-ed out.
      ACTUAL -
      Instead null-ing happens to the "info" field, one level higher in the hierarchy of the qualified name given.

      ---------- BEGIN SOURCE ----------
      import sun.security.x509.X509CertImpl;
      import sun.security.x509.X509CertInfo;

      import java.io.ByteArrayInputStream;
      import java.lang.reflect.Field;
      import java.nio.charset.StandardCharsets;
      import java.security.cert.CertificateFactory;

      public class X509CertImplTest {
          public static void main(String[] args) throws Exception {
              final String cert = "-----BEGIN CERTIFICATE-----\n" +
                  "MIIBLjCB1qADAgECAgEBMAoGCCqGSM49BAMCMBIxEDAOBgNVBAMMB2xvY2FsQ0Ew\n" +
                  "HhcNMjIwMzEwMjMyMjU2WhcNMjIwMzExMjMyMjU2WjAUMRIwEAYDVQQDDAlsb2Nh\n" +
                  "bGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATSJzFRm9VrWVhcvrb6k/ql\n" +
                  "PvlhDQdNnUkx9v/LmvoLmM8Wqpw7+805V9ke51P/UbB3UreprwY0SEV18URYY/fM\n" +
                  "oxswGTAXBgNVHREBAf8EDTALgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIg\n" +
                  "aKRZuRQR+JJCLwqyr5Xbww6fHSBJuxk/63nNxx/yJzECICJZEuDo4a0gL6BprdEK\n" +
                  "06U7+ookw2vCAy99Qc9p34T4\n" +
                  "-----END CERTIFICATE-----\n";

              CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
              ByteArrayInputStream inStream = new ByteArrayInputStream(cert.getBytes(StandardCharsets.US_ASCII));
              X509CertImpl x509CertImpl = (X509CertImpl) certificateFactory.generateCertificate(inStream);

              //disable readOnly flag
              Field readOnlyField = X509CertImpl.class.getDeclaredField("readOnly");
              readOnlyField.setAccessible(true);
              readOnlyField.set(x509CertImpl, false);

              //act
              x509CertImpl.delete(X509CertImpl.NAME + "." + X509CertImpl.INFO + "." + X509CertInfo.VALIDITY);

              X509CertInfo info = (X509CertInfo) x509CertImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
              assert info != null; // assertion fails if assertions are enabled
          }
      }

      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      None.

      FREQUENCY : always


            weijun Weijun Wang
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: