6500133: REGRESSION: CertificateParsingException for CRL Distribution Point with blank
Reviewed-by: mullan
Contributed-by: jason.uh@oracle.com
--- a/jdk/src/share/classes/sun/security/x509/URIName.java Fri Aug 17 17:10:56 2012 +0800
+++ b/jdk/src/share/classes/sun/security/x509/URIName.java Fri Aug 17 14:32:50 2012 -0400
@@ -30,6 +30,7 @@
import java.net.URISyntaxException;
import sun.security.util.*;
+import sun.net.www.ParseUtil;
/**
* This class implements the URIName as required by the GeneralNames
@@ -106,8 +107,13 @@
try {
uri = new URI(name);
} catch (URISyntaxException use) {
- throw (IOException) new IOException
- ("invalid URI name:" + name).initCause(use);
+ try {
+ // Try parsing the URI again after encoding/escaping
+ // any illegal characters
+ uri = new URI(ParseUtil.encodePath(name));
+ } catch (URISyntaxException use2) {
+ throw new IOException("invalid URI name:" + name, use2);
+ }
}
if (uri.getScheme() == null) {
throw new IOException("URI name must include scheme:" + name);
@@ -160,8 +166,7 @@
try {
uri = new URI(name);
} catch (URISyntaxException use) {
- throw (IOException) new IOException
- ("invalid URI name constraint:" + name).initCause(use);
+ throw new IOException("invalid URI name constraint:" + name, use);
}
if (uri.getScheme() == null) {
String host = uri.getSchemeSpecificPart();
@@ -174,8 +179,7 @@
}
return new URIName(uri, host, hostDNS);
} catch (IOException ioe) {
- throw (IOException) new IOException
- ("invalid URI name constraint:" + name).initCause(ioe);
+ throw new IOException("invalid URI name constraint:" + name, ioe);
}
} else {
throw new IOException("invalid URI name constraint (should not " +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/x509/URIName/Parse.java Fri Aug 17 14:32:50 2012 -0400
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6500133
+ * @summary CRL Distribution Point URIs with spaces or backslashes should be
+ * parseable
+ */
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import sun.security.util.DerValue;
+import sun.security.x509.CRLDistributionPointsExtension;
+import sun.security.x509.URIName;
+
+
+public class Parse {
+
+ // certificate with a space in the CRLDistributionPointsExtension uri
+ // uri: file://crl file.crl
+ static String certWithSpaceInCDPStr =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIB8DCCAVmgAwIBAgIJAOgNnYA5nHtQMA0GCSqGSIb3DQEBBQUAMCUxETAPBgNV\n" +
+ "BAMTCHRlc3RuYW1lMRAwDgYDVQQLEwd0ZXN0b3JnMB4XDTEyMDgxMzIzMzgzN1oX\n" +
+ "DTEyMDkxMjIzMzgzN1owJTERMA8GA1UEAxMIdGVzdG5hbWUxEDAOBgNVBAsTB3Rl\n" +
+ "c3RvcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANx02RuD/Y2pvgVnXBbJ\n" +
+ "Sb+8j80geuoYEyRRnP6YiL2wmZqMmTHuznFwosO57KoVbz/XEr1bOnBMnPKax5Ll\n" +
+ "QlDI3nmnxmUq13ORQ6GkD3M+QRzzxc66BFJbKqUzgv1P3NngyIFr03zb/opXdCTZ\n" +
+ "4WfJuCf7Ouz44Ch6ZGQJ+7G5AgMBAAGjKDAmMCQGA1UdHwQdMBswGaAXoBWGE2Zp\n" +
+ "bGU6Ly9jcmwgZmlsZS5jcmwwDQYJKoZIhvcNAQEFBQADgYEAB+ublc1l1EnXtEJE\n" +
+ "jYeFzAdttHKQ4mn8CXGtHSy9gpckKyLdZUc9/n6yKuNXih29faepZ8mtaftTYpgR\n" +
+ "AUqZ+6YYik+rIqZpnWMPR9qZvshf/KPerXiZe7kYBKNvxgmCFfhK8QN6nxUGrR2F\n" +
+ "d53HWct6zXqlj+vQZsGC30f764M=\n" +
+ "-----END CERTIFICATE-----";
+
+ // a certificate with backslashes in the CRLDistributionPointsExtension uri
+ // uri: file://\\\\CRL\\crl_file.crl
+ static String certWithBackslashesInCDPStr =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIB9jCCAV+gAwIBAgIJAOQV9wTIgnc1MA0GCSqGSIb3DQEBBQUAMCUxETAPBgNV\n" +
+ "BAMTCHRlc3RuYW1lMRAwDgYDVQQLEwd0ZXN0b3JnMB4XDTEyMDgxMzIzMzcxM1oX\n" +
+ "DTEyMDkxMjIzMzcxM1owJTERMA8GA1UEAxMIdGVzdG5hbWUxEDAOBgNVBAsTB3Rl\n" +
+ "c3RvcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdtczqZqI6RI17mz58/\n" +
+ "PgFNBmb/dX/MeVcuaUp79RVUbDQ68z4JxDNv4ImcAxigKXb2jObPAxOdM+VlXROS\n" +
+ "AmUNgYrIPuHNnKbd+rwilc6DsGWZnZLmZE63fUvTSqjOnSlsENSgDBVL/4r+yWBB\n" +
+ "8KKmFGRFqkCyN1EZl03IW9i7AgMBAAGjLjAsMCoGA1UdHwQjMCEwH6AdoBuGGWZp\n" +
+ "bGU6Ly9cXENSTFxjcmxfZmlsZS5jcmwwDQYJKoZIhvcNAQEFBQADgYEACOgZEaST\n" +
+ "BCFQVeXZ5d8J3dUZ+wRRkPvrlvopxMtZb3Hyte78PNoIZ78f1gYL18HiGYwKttau\n" +
+ "DyPp1lrG9xKPfIeKg+aDWTtVE7pexB4qCryID0+kJfdNzkdIgdGJzJ/RmfJ5heMF\n" +
+ "+R46Mhpua4c6gGsE2NGBFxmtS3YHpQsKtz8=\n" +
+ "-----END CERTIFICATE-----";
+
+ /*
+ * Create an X509Certificate then attempt to construct a
+ * CRLDistributionPointsExtension object from its extension value bytes.
+ */
+ private static void CRLDistributionPointsExtensionTest(String certStr)
+ throws Exception {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
+
+ // oid for CRL Distribution Points = 2.5.29.31
+ byte[] CDPExtBytes = cert.getExtensionValue("2.5.29.31");
+ DerValue val = new DerValue(CDPExtBytes);
+ byte[] data = val.getOctetString();
+ CRLDistributionPointsExtension CDPExt
+ = new CRLDistributionPointsExtension(false, data);
+ }
+
+ public static void main(String[] args) throws Exception {
+ /* Parse a CRLDistributionPointsExtension URI with a space. */
+ CRLDistributionPointsExtensionTest(certWithSpaceInCDPStr);
+ System.out.println("Parsed CRLDistributionPointsExtension uri with "
+ + "a space.");
+
+ /* Parse a CRLDistributionPointsExtension URI with backslashes. */
+ CRLDistributionPointsExtensionTest(certWithBackslashesInCDPStr);
+ System.out.println("Parsed CRLDistributionPointsExtension uri with "
+ + "backslashes.");
+
+ /* Constructor a URIName from a uri with a space. */
+ String uriWithSpace = "file://crl file.crl";
+ URIName name = new URIName(uriWithSpace);
+ System.out.println("URI re-encoded from " + uriWithSpace
+ + " to " + name.getName());
+
+ /* Construct a URIName from a uri with backslashes. */
+ String uriWithBackslashes = "file://\\\\CRL\\crl_file.crl";
+ name = new URIName(uriWithBackslashes);
+ System.out.println("URI re-encoded from " + uriWithBackslashes
+ + " to " + name.getName());
+
+ System.out.println("Tests passed.");
+ }
+}
+