Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6931888

Inconsistant behavior for invalid URI name in cert file

    Details

      Description

      J2SE Version:
        java version "1.6.0_17"
        Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
        Java HotSpot(TM) Server VM (build 14.3-b01, mixed mode)

      Operating System Configuration Information:
        SunOS sottecsweb 5.9 Generic_122300-28 sun4u sparc SUNW,Sun-Fire-280R

      cert contains the following in the cdp:
      URL=file://\\\\DC\\CRL\\entrust_ca_crlfile.crl
      Directory Address: CN=CRL1, O=entrust,C=ca

      When try to import this cert into a keystore using Java 1.6.0_17 on Solaris, get an exception:

      bash-2.05# keytool -importcert -file cacert.crt -keystore parthy1.keystore
      Enter keystore password:
      Owner: O=entrust, C=ca
      Issuer: O=entrust, C=ca
      Serial number: 481b478c
      Valid from: Fri May 02 12:25:41 EDT 2008 until: Tue May 02 12:55:41 EDT 2028
      Certificate fingerprints:
      MD5: 42:15:6A:37:A0:CD:17:B9:DE:DD:AF:F2:0D:E1:DB:9D
      SHA1: 81:C8:C4:9F:31:4A:5B:EF:A6:3B:3A:C3:96:D4:CA:F8:BE:A1:4E:E6
      Signature algorithm name: SHA1withRSA
      Version: 3

      Extensions:

      #1: ObjectId: 2.5.29.16 Criticality=false
      PrivateKeyUsage: [
      From: Fri May 02 12:25:41 EDT 2008, To: Tue May 02 12:55:41 EDT 2028]

      #2: ObjectId: 2.5.29.15 Criticality=false
      KeyUsage [
      Key_CertSign
      Crl_Sign
      ]

      #3: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B .Px..mB....4....
      0010: E5 4F 55 66 .OUf
      ]
      ]

      #4: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

      #5: ObjectId: 2.5.29.31 Criticality=false
      Unparseable CRLDistributionPoints extension due to
      java.io.IOException: invalid URI name:file://\\\\DC\\CRL\\entrust_ca_crlfile.crl

      0000: 30 66 30 36 A0 34 A0 32 A4 30 30 2E 31 0B 30 09 0f06.4.2.00.1.0.
      0010: 06 03 55 04 06 13 02 63 61 31 10 30 0E 06 03 55 ..U....ca1.0...U
      0020: 04 0A 13 07 65 6E 74 72 75 73 74 31 0D 30 0B 06 ....entrust1.0..
      0030: 03 55 04 03 13 04 43 52 4C 31 30 2C A0 2A A0 28 .U....CRL10,.*.(
      0040: 86 26 66 69 6C 65 3A 2F 2F 5C 5C 44 43 5C 43 52 .&file://\\\\DC\\CR
      0050: 4C 5C 65 6E 74 72 75 73 74 5F 63 61 5F 63 72 6C L\\entrust_ca_crl
      0060: 66 69 6C 65 2E 63 72 6C file.crl

      #6: ObjectId: 2.5.29.19 Criticality=false
      BasicConstraints:[
      CA:true
      PathLen:2147483647
      ]

      #7: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
      NetscapeCertType [
      SSL CA
      S/MIME CA
      Object Signing CA]

      #8: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B .Px..mB....4....
      0010: E5 4F 55 66 .OUf
      ]

      ]

      Trust this certificate? [no]: yes
      Certificate was added to keystore


       "file://\\\\DC\\CRL\\entrust_ca_crlfile.crl" is not a valid URI due to '\\' characters,
       However, the same cert imports without the exception if Java 1.6 on windows is used.
      There seems to be a discrepancy here.

      Moreover, the main reason to have multiple CDPs in a certificate is for redundancy.
      If a particular CDP in a certificate is invalid, then it should be skipped till
      at least one CDP can be validated.
      }

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                juh Jason Uh (Inactive)
                Reporter:
                tyao Ting-Yun Ingrid Yao (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: