Details
-
Bug
-
Resolution: Fixed
-
P2
-
7u6
-
b17
-
b34
-
generic
-
generic
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8020902 | 7u60 | Vincent Ryan | P2 | Resolved | Fixed | b01 |
| JDK-8021091 | 7u45 | Vincent Ryan | P2 | Closed | Fixed | b04 |
| JDK-8062645 | 6u95 | Sean Coffey | P2 | Closed | Fixed | b01 |
Description
CertPathValidator throws NPE if trusted certificate does not have AuthorityKeyIdentifier extension:
certpath: PolicyChecker.checkPolicy() certificate policies verified
certpath: -checker5 validation succeeded
certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker]
certpath: ---checking timestamp:Fri May 17 17:42:50 MSK 2013...
certpath: timestamp verified.
certpath: ---checking subject/issuer name chaining...
certpath: subject/issuer name chaining verified.
certpath: ---checking signature...
certpath: signature verified.
certpath: BasicChecker.updateState issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; subject: CN=Oracle Root CA, OU=VeriSign Trust Network, O=Oracle Corporation, C=US; serial#: 100662332940862603838457626880723060860
certpath: -checker6 validation succeeded
certpath: -Using checker7 ... [sun.security.provider.certpath.OCSPChecker]
Exception in thread "main" java.lang.NullPointerException
at sun.security.x509.X509CertImpl.getIssuerKeyIdentifier(X509CertImpl.java:1077)
at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:251)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
certpath: PolicyChecker.checkPolicy() certificate policies verified
certpath: -checker5 validation succeeded
certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker]
certpath: ---checking timestamp:Fri May 17 17:42:50 MSK 2013...
certpath: timestamp verified.
certpath: ---checking subject/issuer name chaining...
certpath: subject/issuer name chaining verified.
certpath: ---checking signature...
certpath: signature verified.
certpath: BasicChecker.updateState issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; subject: CN=Oracle Root CA, OU=VeriSign Trust Network, O=Oracle Corporation, C=US; serial#: 100662332940862603838457626880723060860
certpath: -checker6 validation succeeded
certpath: -Using checker7 ... [sun.security.provider.certpath.OCSPChecker]
Exception in thread "main" java.lang.NullPointerException
at sun.security.x509.X509CertImpl.getIssuerKeyIdentifier(X509CertImpl.java:1077)
at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:251)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
Attachments
Issue Links
- backported by
-
JDK-8020902 NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-