7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE
Reviewed-by: xuelei
--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java Thu Mar 29 17:49:34 2012 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java Fri Mar 30 15:43:13 2012 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -774,12 +774,8 @@
// the delegated trust manager
private final X509TrustManager tm;
- // Cache the trusted certificate to optimize the performance.
- private final Collection<X509Certificate> trustedCerts = new HashSet<>();
-
AbstractTrustManagerWrapper(X509TrustManager tm) {
this.tm = tm;
- Collections.addAll(trustedCerts, tm.getAcceptedIssuers());
}
@Override
@@ -920,6 +916,13 @@
try {
// Does the certificate chain end with a trusted certificate?
int checkedLength = chain.length - 1;
+
+ Collection<X509Certificate> trustedCerts = new HashSet<>();
+ X509Certificate[] certs = tm.getAcceptedIssuers();
+ if ((certs != null) && (certs.length > 0)){
+ Collections.addAll(trustedCerts, certs);
+ }
+
if (trustedCerts.contains(chain[checkedLength])) {
checkedLength--;
}
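Review bot: The added block allocates a HashSet and copies every accepted issuer into it on each call, only to do one `contains` lookup, whereas the field removed in the previous hunk was documented as a cache for performance. A direct scan keeps the null guard without the allocation: `X509Certificate[] certs = tm.getAcceptedIssuers();` followed by `if (certs != null && java.util.Arrays.asList(certs).contains(chain[checkedLength])) { checkedLength--; }`. The `certs.length > 0` test is redundant either way, since adding an empty array is a no-op. A short comment such as `// null or empty issuers: no certificate is treated as a trust anchor, so checkedLength keeps the full chain` would document what a trust manager returning null now gets. The enclosing method starts and ends outside this hunk, so how `checkedLength` is used afterwards is not visible here.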
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NullGetAcceptedIssuers.java Fri Mar 30 15:43:13 2012 -0700
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7142172
+ * @summary Custom TrustManagers that return null for getAcceptedIssuers
+ * will NPE.
+ * SunJSSE does not support dynamic system properties, no way to
+ * re-use system properties in samevm/agentvm mode.
+ * @run main/othervm NullGetAcceptedIssuers
+ */
+
+import javax.net.ssl.*;
+
+public class NullGetAcceptedIssuers {
+
+ public static void main(String[] args) throws Exception {
+ SSLContext sslContext;
+
+ // Create a trust manager that does not validate certificate chains
+ TrustManager[] trustAllCerts =
+ new TrustManager[] {new X509TrustManager() {
+
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) {
+ }
+
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) {
+ }
+
+ // API says empty array, but some custom TMs are
+ // returning null.
+ public java.security.cert.X509Certificate[]
+ getAcceptedIssuers() {
+ return null;
+ }
+ }};
+
+ sslContext = javax.net.ssl.SSLContext.getInstance("SSL");
+ sslContext.init(null, trustAllCerts, null);
+ }
+}
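Review bot: The test stops at `sslContext.init(null, trustAllCerts, null)`, which appears to cover only the constructor path where the old `Collections.addAll` call threw. The new null guard sits in a different method of the wrapper and is presumably not reached unless a certificate chain is actually checked. Extending the test to drive a check through the wrapped manager (for example a loopback handshake) would catch a regression in the guarded code. The anonymous manager's three methods would also read better with `@Override`, and the comment above it could be tightened to `// test-only: accepts every chain; never use outside this regression test`.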