Bug Database
Bug ID: 4936768
Votes 0
Synopsis Sun JCE doesn't parse certificate issued by Microsoft Certificate Server
Category java:classes_security
Reported Against 1.4.2
Release Fixed
State 11-Closed, duplicate of 4874076, bug
Priority: 4-Low
Related Bugs 4874076
Submit Date 13-OCT-2003
Description




FULL PRODUCT VERSION :
java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-b28)
Java HotSpot(TM) Client VM (build 1.4.2-b28, mixed mode)

FULL OS VERSION :
Linux plato 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686 i686 i386 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
When using keytool to view or import the certificate below it fails with:
sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)

The problem can also be reproduced programmatically:

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate cert = cf.generateCertificate(new FileInputStream("...."));

However if one installs the BouncyCastle JCE and uses
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
    Certificate cert = cf.generateCertificate(new FileInputStream("...."));

it works fine.

Here is the "offending" certificate:


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Save the certificate in the bug report to a file and use keytool -printcert -file ...

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
That the certificate will be parsed without an exception being thrown.
ACTUAL -
See bug report

ERROR MESSAGES/STACK TRACES THAT OCCUR :
sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
        at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
        at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
        at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
        at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
        at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)
        at sun.security.tools.KeyTool.run(KeyTool.java:124)
        at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
        at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134)
        at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)
        at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:120)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
        ... 8 more


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class certtest {
  public static void main(String args[]) throws Throwable {

    ByteArrayInputStream in = new ByteArrayInputStream(certstr.getBytes());

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); // This works !!!
    Certificate cert = cf.generateCertificate(in);
    System.out.println(cert.toString());
  }

  private static String certstr =
  "-----BEGIN CERTIFICATE-----\n"
  + "MIIEkTCCBDugAwIBAgIKHwbsTgAAAAAADzANBgkqhkiG9w0BAQUFADCBkDEqMCgG\n"
  + "CSqGSIb3DQEJARYbc2VyZ2UuY2hlZ29yaWFuQGhzbnRlY2guY29tMQswCQYDVQQG\n"
  + "EwJBVTEMMAoGA1UECBMDVklDMRIwEAYDVQQHEwlNZWxib3VybmUxEDAOBgNVBAoT\n"
  + "B0xhbmRhdGExEDAOBgNVBAsTB0xhbmRyZWcxDzANBgNVBAMTBmxyc2IwMzAeFw0w\n"
  + "MzA5MDMwNjIxMzJaFw0wNDA4MjgwMTMwMTlaME0xCzAJBgNVBAYTAkFVMQ4wDAYD\n"
  + "VQQHEwVQZXJ0aDEXMBUGA1UEChMOQVJDVVMgU29mdHdhcmUxFTATBgNVBAMTDGFy\n"
  + "Y3VzLmNvbS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArnFM5bmv7yiS\n"
  + "QBuW1+nta1CqHBQf8RtZ9tRd/G1TXjNaDby+tDzQuoDxczh3G2zeaayWoXHN3Vrf\n"
  + "1ywyapjmzpIa3M4lz9NjPRCfJNc35bEbjyC8DrIl5KCZ1xcmQ337wSBxgVG65mpd\n"
  + "sTvgHr7ScW1AQLaQPsi7yhj4xoNnSsUCAwEAAaOCAnMwggJvMB0GA1UdDgQWBBR2\n"
  + "yysuMrfmMRsr3+DKEYP3idg+3zCBzAYDVR0jBIHEMIHBgBTJ9sWoZBZl+tqAIN6a\n"
  + "SY0zfR06RKGBlqSBkzCBkDEqMCgGCSqGSIb3DQEJARYbc2VyZ2UuY2hlZ29yaWFu\n"
  + "QGhzbnRlY2guY29tMQswCQYDVQQGEwJBVTEMMAoGA1UECBMDVklDMRIwEAYDVQQH\n"
  + "EwlNZWxib3VybmUxEDAOBgNVBAoTB0xhbmRhdGExEDAOBgNVBAsTB0xhbmRyZWcx\n"
  + "DzANBgNVBAMTBmxyc2IwM4IQQgY4b2o3JIxC2s5zW4htHjCBlQYDVR0fBIGNMIGK\n"
  + "MEKgQKA+hjxodHRwOi8vbHJzYjAzLmxhbmRhdGEudmljLmdvdi5hdS5sb2NhbC9D\n"
  + "ZXJ0RW5yb2xsL2xyc2IwMy5jcmwwRKBCoECGPmZpbGU6Ly9cXExSU0IwMy5sYW5k\n"
  + "YXRhLnZpYy5nb3YuYXUubG9jYWxcQ2VydEVucm9sbFxscnNiMDMuY3JsMIHmBggr\n"
  + "BgEFBQcBAQSB2TCB1jBoBggrBgEFBQcwAoZcaHR0cDovL2xyc2IwMy5sYW5kYXRh\n"
  + "LnZpYy5nb3YuYXUubG9jYWwvQ2VydEVucm9sbC9MUlNCMDMubGFuZGF0YS52aWMu\n"
  + "Z292LmF1LmxvY2FsX2xyc2IwMy5jcnQwagYIKwYBBQUHMAKGXmZpbGU6Ly9cXExS\n"
  + "U0IwMy5sYW5kYXRhLnZpYy5nb3YuYXUubG9jYWxcQ2VydEVucm9sbFxMUlNCMDMu\n"
  + "bGFuZGF0YS52aWMuZ292LmF1LmxvY2FsX2xyc2IwMy5jcnQwDQYJKoZIhvcNAQEF\n"
  + "BQADQQDRehNYMY5zzfRz5aM5JQbBdUQ+ju2TKp8vlrvS7LGz1x8rJ4CtMGV7HvsU\n"
  + "XIV7CoWVM7PvLhF2D6/W04pe+H6P\n"
  + "-----END CERTIFICATE-----\n";

}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Use the BouncyCastle provider instead
(Incident Review ID: 201773) 
======================================================================
Work Around
N/A
Evaluation
Duplicate of 4874076.

  xxxxx@xxxxx   2003-10-14
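
The stack trace above ends in the PKCS#7 path (PKCS7.parse, ContentInfo, DerInputStream.getOID), which expects an OBJECT IDENTIFIER (tag 6) and reports tag 48, a SEQUENCE. The following added example is not part of the bug report or the JDK: it reads the first two DER headers of the reported certificate to show that tag 48 is the inner SEQUENCE of an X.509 certificate, so the message reflects the fallback parser rather than the field that made the X.509 parse fail. The class name DerPeek and the constructed PKCS#7 sample are assumptions, and Java 8 or later is assumed for java.util.Base64.

```java
import java.util.Base64;

// Added example: reads the first two DER headers of a blob to tell an
// X.509 Certificate from a PKCS#7 ContentInfo. Not JDK or bug-report code.
public class DerPeek {
    // Returns {tag, contentOffset} for the TLV header starting at off.
    static int[] header(byte[] der, int off) {
        if (off + 2 > der.length) throw new IllegalArgumentException("truncated header");
        int tag = der[off] & 0xff;
        int first = der[off + 1] & 0xff;
        // Short form: length is in this octet. Long form: low 7 bits count the length octets.
        int lenBytes = (first & 0x80) == 0 ? 0 : (first & 0x7f);
        if (lenBytes > 4 || off + 2 + lenBytes > der.length)
            throw new IllegalArgumentException("bad length encoding");
        return new int[] { tag, off + 2 + lenBytes };
    }

    static String classify(byte[] der) {
        int[] outer = header(der, 0);
        if (outer[0] != 0x30) return "not a DER SEQUENCE (tag = " + outer[0] + ")";
        int[] inner = header(der, outer[1]);
        switch (inner[0]) {
            case 0x30: return "X.509 Certificate (inner tag = 48, TBSCertificate SEQUENCE)";
            case 0x06: return "PKCS#7 ContentInfo (inner tag = 6, contentType OID)";
            default:   return "unknown structure (inner tag = " + inner[0] + ")";
        }
    }

    public static void main(String[] args) {
        // First base64 line of the certificate in this report; its 48 bytes
        // of DER are enough to read both headers.
        String firstLine = "MIIEkTCCBDugAwIBAgIKHwbsTgAAAAAADzANBgkqhkiG9w0BAQUFADCBkDEqMCgG";
        System.out.println(classify(Base64.getDecoder().decode(firstLine)));

        // Constructed sample: start of a PKCS#7 ContentInfo (signedData OID).
        byte[] p7 = { 0x30, 0x0b, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                      (byte) 0xf7, 0x0d, 0x01, 0x07, 0x02 };
        System.out.println(classify(p7));
    }
}
```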