Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4079619

X509Cert generates an incomplete and misleading error message

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      1.1.5
    • CPU:
      sparc
    • OS:
      solaris_2.5.1
    • Verification:
      Verified

      Backports

        Description

        bob.rocchetti@eng 1997-09-16

        When presented with an incorrectly formatted x509v1 certificate
        the X509Cert() method generates a misleading error message.

        For example the following certificate has an incorrect public
        key (Y) length. The length is exactly 128 bytes and is encoded
        as 0x80 instead of 0x8180.

        308202C330820283020463000003300706052B0E03021B3042310B3009060355
        040613025553310B3009060355040813024D4531133011060355040A130A4E6F
        7420612042616E6B3111300F060355040B1308636865636B696E67301E170D39
        37303730383232303030315A170D3938303333313233353930305A3056310B30
        09060355040613025553310B3009060355040813024D4531133011060355040A
        130A4E6F7420612042616E6B3111300F060355040B1308636865636B696E6731
        1230100603550403130953756E205061796572308201B43082012A06052B0E03
        020C3082011F02818100FD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF
        4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7
        813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF8
        3B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72A
        EFF22203199DD14801C70215009760508F15230BCCB292B982A2EB840BF0581C
        F502818100F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C
        0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09
        328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB
        627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C
        3BFECF492A03818300028078D843B977B9ABD5FAB5B769EBB17E0609F1968DBF
        39A0A7F51FC713FA75C07673322DA4A7495F35B74A6B994802F4CFC9F8CA339E
        5D3F9E6C60FFE095F3BF33BE791F37A552FA0E5D1809514C26661B91C5DC9DAD
        F024DAF7CE70B49F023AFAE37DFC29A60E1E2D0011207C1F536F62164F9005A1
        1055CF8F9B55B2F4F03FAD300706052B0E03021B033100302E0215008B5F6DC4
        E32F1D81E4289BC5F1AAFDB26F3D7D410215008D9CD7A029317ADBA58449288D
        33D34BB4699B7F

        The code in sun.security.util.DerInputStream.getLength
        actually throws the correct error. (IOException ("DerInput.getLength(), unsupported" + " [ " + tmp + " ]")

        The exception that reaches the caller of sun.security.x509.X509Cert
        makes no mention of the length encoding problem. Nor does the
        message identify the component that could not be parsed (P,Q,G or Y).
        [Certificate Exception: The certificate could not be parsed.
          (subject key)]

        The root cause of the problem is captured and then lost.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                hprafullsunw Hemlata Prafullchandra (Inactive)
                Reporter:
                duke J. Duke (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: