Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8014805

NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension

    XMLWordPrintable

    Details

    • Introduced In Build:
      b17
    • Introduced In Version:
      7u6
    • Resolved In Build:
      b34
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        CertPathValidator throws NPE if trusted certificate does not have AuthorityKeyIdentifier extension:

        certpath: PolicyChecker.checkPolicy() certificate policies verified
        certpath: -checker5 validation succeeded
        certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker]
        certpath: ---checking timestamp:Fri May 17 17:42:50 MSK 2013...
        certpath: timestamp verified.
        certpath: ---checking subject/issuer name chaining...
        certpath: subject/issuer name chaining verified.
        certpath: ---checking signature...
        certpath: signature verified.
        certpath: BasicChecker.updateState issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; subject: CN=Oracle Root CA, OU=VeriSign Trust Network, O=Oracle Corporation, C=US; serial#: 100662332940862603838457626880723060860
        certpath: -checker6 validation succeeded
        certpath: -Using checker7 ... [sun.security.provider.certpath.OCSPChecker]
        Exception in thread "main" java.lang.NullPointerException
        at sun.security.x509.X509CertImpl.getIssuerKeyIdentifier(X509CertImpl.java:1077)
        at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:251)
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
        at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  vinnie Vincent Ryan
                  Reporter:
                  asmotrak Artem Smotrakov
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: