Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6521485

X509CRL.getRevokedCertificates does not preserve order of revoked certificates

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 5.0
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Introduced In Build:
      1.4.0
    • Introduced In Version:
    • CPU:
      x86
    • OS:
      windows_xp

      Description

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      The problem arrives when I try to decode an indirect CRL with the class X509CRL of JDK 1.5.

      Set entradasDeCRL = crl.getRevokedCertificates();
      Iterator itEntradasDeCRL = entradasDeCRL.iterator();

      When we review the standard X.509, the ASN.1 definition of CRL is:

      CertificateList ::= SIGNED { SEQUENCE {
        version Version OPTIONAL,-- if present, version must be v2
        signature AlgorithmIdentifier,
        issuer Name,
        thisUpdate Time,
        nextUpdate Time OPTIONAL,
        revokedCertificates SEQUENCE OF SEQUENCE {
        serialNumber CertificateSerialNumber,
        revocationDate Time,
        crlEntryExtensions Extensions OPTIONAL } OPTIONAL,
        crlExtensions [0] Extensions OPTIONAL }}

      Revoked certificates are defined as a "SEQUENCE OF". This is an ordered collection of zero or more elements. When use the JDK, we can see that JDK decodes it as a SET OF, and it does not respect the order of the collection.

      If we use this implementation where the order is not "important", we can not use the CertificateIssuer extension to handle indirect CRLs correctly.




      REPRODUCIBILITY :
      This bug can be reproduced always.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                ryeung Roger Yeung (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: