  1. JDK
  2. JDK-6923681

Jarsigner crashes during timestamping

    Details

    • Subcomponent:
    • Resolved In Build:
      b86
    • CPU:
      x86
    • OS:
      windows_xp

      Description

      FULL PRODUCT VERSION :
      java version "1.6.0_18"
      Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
      Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows XP [Version 5.1.2600]

      A DESCRIPTION OF THE PROBLEM :
      When timestamping a Java JAR, the jarsigner crashes with a NullPointerException.

      The issuing CA of the TSA certificate has multiple revocation list distribution points. Two of the distribution points start with ldap and do not contain server names:

      URL=ldap:///CN=MY-CA,CN=AAAAAA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=ad,DC=oenb,DC=co,DC=at?certificateRevocationList?base?objectClass=cRLDistributionPoint.

      We assume that the absence of the servername is the reason for jarsigner to crash with the null-pointer exception.

      This is the Windows default behaviour when creating certificates.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a Microsoft Windows CA, which has ldap distribution points but no servernames listed.

      Issue a timestamping certificate from this Windows CA. Then try to timestamp some jar with this server.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      jarsigner should handle the revocation list distribution points correctly. If at least one distribution point can be reached (like http://xxxx/xxx.crl), the jar should be timestamped correctly.
      ACTUAL -
      jarsigner crashes.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      jarsigner error: java.lang.NullPointerException

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      n/a, just timestamp an arbitrary jar using jarsigner
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      create an AD-CA that includes servernames in all revocation list distribution points
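
An added example (not part of the bug report or of the JDK code): a pre-flight check that classifies a TSA certificate's CRL distribution point URIs and flags the hostless `ldap:///` form described in the report, which under RFC 4516 leaves the choice of directory server to the client. The URIs are constructed samples and the function names are hypothetical.

```python
from urllib.parse import urlsplit, unquote

# Schemes this sketch treats as CRL transports (an assumption, not a JDK list).
FETCHABLE = {"http", "https", "ldap", "ldaps"}


def classify_cdp(uri):
    """Classify one CRL distribution point URI as (status, detail)."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in FETCHABLE:
        return ("unsupported", scheme)
    if parts.hostname:
        return ("direct", parts.hostname)
    if scheme in ("ldap", "ldaps"):
        # RFC 4516: with no host in the URL, the client must already know
        # which directory server to query, as a domain-joined host does.
        return ("hostless-ldap", unquote(parts.path.lstrip("/")))
    return ("malformed", "no host")


def audit(uris):
    """Return (per-URI results, URIs any client can fetch directly)."""
    results = [(u,) + classify_cdp(u) for u in uris]
    direct = [u for u, status, _ in results if status == "direct"]
    return results, direct


# Constructed sample URIs, shaped like the distribution points in the report.
SAMPLE_CDPS = [
    "ldap:///CN=EXAMPLE-CA,CN=CDP,CN=Public%20Key%20Services,DC=example,DC=test"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint",
    "ldap://dc1.example.test/CN=EXAMPLE-CA,DC=example,DC=test"
    "?certificateRevocationList",
    "http://crl.example.test/example-ca.crl",
    "file:///C:/crl/example-ca.crl",
]

if __name__ == "__main__":
    results, direct = audit(SAMPLE_CDPS)
    for uri, status, detail in results:
        print(f"{status:14} {detail}")
    if not direct:
        print("no distribution point is reachable without directory defaults")
```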

        Activity

        weijun Weijun Wang added a comment -
        BT2:EVALUATION

        http://hg.openjdk.java.net/jdk7/tl/jdk/rev/0f383673ce31

        weijun Weijun Wang added a comment -
        BT2:EVALUATION

        Turns out we haven't checked if extkeyUsage is null.
        weijun Weijun Wang added a comment -
        BT2:EVALUATION

        No regression test, code change is too trivial.

          People

          • Assignee:
            weijun Weijun Wang
            Reporter:
            ndcosta Nelson Dcosta