Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7142172

Custom X509TrustManagers that return null for getAcceptedIssuers will NPE.

    Details

    • Subcomponent:
    • Introduced In Build:
      b06
    • Introduced In Version:
      7u4
    • Resolved In Build:
      b20
    • CPU:
      generic, x86
    • OS:
      generic, os_x, windows_7
    • Verification:
      Verified

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.7.0_04-ea"
        Java(TM) SE Runtime Environment (build 1.7.0_04-ea-b227)
        Java HotSpot(TM) 64-Bit Server VM (build 23.0-b12, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Mac OS X 10.7.3

        A DESCRIPTION OF THE PROBLEM :
        I receive the following exception when running on JDK 7 on OS X. JDK 7 on Windows or Linux works, as does JDK 6 on OS X.

        java.lang.NullPointerException
        at java.util.Collections.addAll(Collections.java:3836)
        at sun.security.ssl.AbstractTrustManagerWrapper.<init>(SSLContextImpl.java:778)
        at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:133)
        at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:89)
        at javax.net.ssl.SSLContext.init(SSLContext.java:283)

        REGRESSION. Last worked in version 6u29

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        We encounter the issue while running the example code attached
         


        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        Should not throw an exception
        ACTUAL -
        throws NPE

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        java.lang.NullPointerException
        at java.util.Collections.addAll(Collections.java:3836)
        at sun.security.ssl.AbstractTrustManagerWrapper.<init>(SSLContextImpl.java:778)
        at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:133)
        at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:89)
        at javax.net.ssl.SSLContext.init(SSLContext.java:283)

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        package testssl;

        import java.security.PublicKey;
        import javax.net.ssl.SSLContext;
        import javax.net.ssl.TrustManager;
        import javax.net.ssl.X509TrustManager;
        import sun.misc.BASE64Encoder;

        public class TestSSL {

            public static void main(String[] args) throws Exception {
                final String CERT_PBK = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCd8j2M0Ok94KVfY1wxcb6RGfHbBK2NggrDmgF60/nzQmU3Z92AYxDUqXXl9j3SsvTLwgh0HpQgTgkOeJ/1csYMy+Ij1ZtRQ2IReBd9KvCbgpmZA5o0Hgf5bT0Jh6XyJI0cGIZ5PS9lhkJcfBVcEiPMlfvo6ZxaU/Kes6BHG7yWFQIDAQAB";
                SSLContext sslContext;


                // Create a trust manager that does not validate certificate chains
                TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {

                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                }

                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    if (certs.length == 1) {
                        PublicKey publicKey = certs[0].getPublicKey();
                        byte[] encodePublickey = publicKey.getEncoded();
                        String s = new BASE64Encoder().encode(encodePublickey);
                        if (s.compareTo(CERT_PBK) != 0) {
                            throw new Error("invalid key");
                        }
                    } else {
                        throw new Error("Unexpected number of certs");
                    }

                }

                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }};

                sslContext = javax.net.ssl.SSLContext.getInstance("SSL");
                sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            }
        }

        ---------- END SOURCE ----------

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  wetmore Bradford Wetmore
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: