JDK-6939248

Jarsigner can't extract Extended Key Usage from Timestamp Reply correctly

Details

• Resolved In Build: b03
• CPU: x86
• OS: windows_xp

Description

FULL PRODUCT VERSION :
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Windows XP SP3

A DESCRIPTION OF THE PROBLEM :
When timestamping a request jarsigner crashes with a null pointer exception:

jarsigner error: java.lang.NullPointerException
java.lang.NullPointerException
        at sun.security.tools.TimestampedSigner.generateTimestampToken(TimestampedSigner.java:346)
        at sun.security.tools.TimestampedSigner.generateSignedData(TimestampedSigner.java:211)
        at sun.security.tools.SignatureFile$Block.<init>(JarSigner.java:1979)
        at sun.security.tools.SignatureFile.generateBlock(JarSigner.java:1876)
        at sun.security.tools.JarSigner.signJar(JarSigner.java:1024)
        at sun.security.tools.JarSigner.run(JarSigner.java:203)
        at sun.security.tools.JarSigner.main(JarSigner.java:74)

The reason seems to be that line 376/377 extracts the keyPurposes:
keyPurposes = cert.getExtendedKeyUsage();

The keyPurposes variable is null after this statement. The certificate used for timestamping definitely has the extendedKeyUsage field set and it includes the KP_TIMESTAMPING_OID OID.

To make this reproducible, I captured the network traffic that is sent from the timestamp-server and try to attach the pcap file as well as the certificate used for timestamping.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Use jarsigner to sign and timestamp a jar-file with the attached certificate.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Jar file gets timestamped correctly, extended key usage can be extracted correctly from the timestamp server reply.
ACTUAL -
See description: jarsigner crashes because the extended key usage field can't be extracted correctly.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
See description.

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
unknown

Activity

weijun Weijun Wang added a comment -
BT2:EVALUATION

Seems we falsely use the first certificate in the response cert chain as the TSA cert. In fact, the chain is encoded as a Set and unordered.
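The evaluation above names the cause: the certificate SET in the CMS reply is unordered, so the first entry need not be the TSA certificate, and getExtendedKeyUsage() on a certificate that lacks the extension (typically the CA cert) returns null. The following is an added example, not JDK code and not the fix for this bug: it selects the signer certificate by the SignerInfo's issuer and serial number or, failing that, by the timestamping EKU, and null-checks the EKU before use. The class name, method names and the input file argument are assumptions.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/** Added example: selects the TSA signing certificate from the unordered certificate SET of a CMS reply. */
public class TsaCertSelector {
    // id-kp-timeStamping (RFC 3161), the EKU a TSA certificate must carry.
    static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8";
    /** getExtendedKeyUsage() returns null when the extension is absent (typical for the CA
     *  cert in the set), so it is null-checked rather than dereferenced as in the NPE above. */
    static boolean hasTimestampingEku(X509Certificate cert) throws CertificateParsingException {
        List<String> purposes = cert.getExtendedKeyUsage();
        return purposes != null && purposes.contains(KP_TIMESTAMPING_OID);
    }
    /** Preferred: match the SignerInfo's IssuerAndSerialNumber instead of trusting position. */
    static X509Certificate findSignerCert(List<X509Certificate> certs, X500Principal issuer, BigInteger serial) {
        for (X509Certificate c : certs) {
            if (c.getIssuerX500Principal().equals(issuer) && c.getSerialNumber().equals(serial)) {
                return c;
            }
        }
        return null;
    }
    /** Fallback when the signer id is not at hand: the single cert carrying the timestamping EKU. */
    static X509Certificate findByEku(List<X509Certificate> certs) throws CertificateParsingException {
        X509Certificate found = null;
        for (X509Certificate c : certs) {
            if (!hasTimestampingEku(c)) continue;
            if (found != null) throw new IllegalStateException("several timestamping certs in set");
            found = c;
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // args[0] (assumed): a DER PKCS#7 SignedData or a PEM bundle holding the reply's certificate set.
        List<X509Certificate> certs = new ArrayList<>();
        try (FileInputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                certs.add((X509Certificate) c);
            }
        }
        System.out.println("first cert has timestamping EKU: " + hasTimestampingEku(certs.get(0)));
        X509Certificate tsa = findByEku(certs);
        System.out.println("TSA cert: " + (tsa == null ? "none" : tsa.getSubjectX500Principal()));
    }
}
```

In a real verifier the issuer and serial passed to findSignerCert come from the token's SignerInfo, so the EKU check is a validation of the chosen cert, not the means of finding it.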

People

• Assignee: weijun Weijun Wang
• Reporter: ndcosta Nelson Dcosta
• Votes: 0
• Watchers: 0