Details
-
Bug
-
Resolution: Fixed
-
P2
-
1.1
-
1.1.5
-
sparc
-
solaris_2.5.1
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2016970 | 1.2.0 | Hemlata Prafullchandra | P2 | Resolved | Fixed | 1.2beta2 |
Description
bob.rocchetti@eng 1997-09-16
When presented with an incorrectly formatted x509v1 certificate
the X509Cert() method generates a misleading error message.
For example the following certificate has an incorrect public
key (Y) length. The length is exactly 128 bytes and is encoded
as 0x80 instead of 0x8180.
308202C330820283020463000003300706052B0E03021B3042310B3009060355
040613025553310B3009060355040813024D4531133011060355040A130A4E6F
7420612042616E6B3111300F060355040B1308636865636B696E67301E170D39
37303730383232303030315A170D3938303333313233353930305A3056310B30
09060355040613025553310B3009060355040813024D4531133011060355040A
130A4E6F7420612042616E6B3111300F060355040B1308636865636B696E6731
1230100603550403130953756E205061796572308201B43082012A06052B0E03
020C3082011F02818100FD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF
4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7
813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF8
3B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72A
EFF22203199DD14801C70215009760508F15230BCCB292B982A2EB840BF0581C
F502818100F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C
0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09
328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB
627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C
3BFECF492A03818300028078D843B977B9ABD5FAB5B769EBB17E0609F1968DBF
39A0A7F51FC713FA75C07673322DA4A7495F35B74A6B994802F4CFC9F8CA339E
5D3F9E6C60FFE095F3BF33BE791F37A552FA0E5D1809514C26661B91C5DC9DAD
F024DAF7CE70B49F023AFAE37DFC29A60E1E2D0011207C1F536F62164F9005A1
1055CF8F9B55B2F4F03FAD300706052B0E03021B033100302E0215008B5F6DC4
E32F1D81E4289BC5F1AAFDB26F3D7D410215008D9CD7A029317ADBA58449288D
33D34BB4699B7F
The code in sun.security.util.DerInputStream.getLength
actually throws the correct error. (IOException ("DerInput.getLength(), unsupported" + " [ " + tmp + " ]")
The exception that reaches the caller of sun.security.x509.X509Cert
makes no mention of the length encoding problem. Nor does the
message identify the component that could not be parsed (P,Q,G or Y).
[Certificate Exception: The certificate could not be parsed.
(subject key)]
The root cause of the problem is captured and then lost.
When presented with an incorrectly formatted x509v1 certificate
the X509Cert() method generates a misleading error message.
For example the following certificate has an incorrect public
key (Y) length. The length is exactly 128 bytes and is encoded
as 0x80 instead of 0x8180.
308202C330820283020463000003300706052B0E03021B3042310B3009060355
040613025553310B3009060355040813024D4531133011060355040A130A4E6F
7420612042616E6B3111300F060355040B1308636865636B696E67301E170D39
37303730383232303030315A170D3938303333313233353930305A3056310B30
09060355040613025553310B3009060355040813024D4531133011060355040A
130A4E6F7420612042616E6B3111300F060355040B1308636865636B696E6731
1230100603550403130953756E205061796572308201B43082012A06052B0E03
020C3082011F02818100FD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF
4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7
813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF8
3B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72A
EFF22203199DD14801C70215009760508F15230BCCB292B982A2EB840BF0581C
F502818100F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C
0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09
328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB
627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C
3BFECF492A03818300028078D843B977B9ABD5FAB5B769EBB17E0609F1968DBF
39A0A7F51FC713FA75C07673322DA4A7495F35B74A6B994802F4CFC9F8CA339E
5D3F9E6C60FFE095F3BF33BE791F37A552FA0E5D1809514C26661B91C5DC9DAD
F024DAF7CE70B49F023AFAE37DFC29A60E1E2D0011207C1F536F62164F9005A1
1055CF8F9B55B2F4F03FAD300706052B0E03021B033100302E0215008B5F6DC4
E32F1D81E4289BC5F1AAFDB26F3D7D410215008D9CD7A029317ADBA58449288D
33D34BB4699B7F
The code in sun.security.util.DerInputStream.getLength
actually throws the correct error. (IOException ("DerInput.getLength(), unsupported" + " [ " + tmp + " ]")
The exception that reaches the caller of sun.security.x509.X509Cert
makes no mention of the length encoding problem. Nor does the
message identify the component that could not be parsed (P,Q,G or Y).
[Certificate Exception: The certificate could not be parsed.
(subject key)]
The root cause of the problem is captured and then lost.
Attachments
Issue Links
- backported by
-
JDK-2016970 X509Cert generates an incomplete and misleading error message
-
- Resolved
-