+{"files":[{"patch":"@@ -36,0 +36,2 @@\n+import java.nio.*;\n+import java.nio.charset.*;\n@@ -771,1 +773,12 @@\n- return new String(buffer, start, end - start, cs);\n+\n+ try {\n+ byte b[] = new byte[end-start];\n+ System.arraycopy(buffer, start, b, 0, end-start);\n+ CharBuffer cb = cs.newDecoder()\n+ .onUnmappableCharacter(CodingErrorAction.REPORT)\n+ .onMalformedInput(CodingErrorAction.REPORT)\n+ .decode(ByteBuffer.wrap(b));\n+ return cb.toString();\n+ } catch (IOException e) {\n+ throw new IOException(\"Incorrect string value\", e);\n+ }\n","filename":"src\/java.base\/share\/classes\/sun\/security\/util\/DerValue.java","additions":14,"deletions":1,"binary":false,"changes":15,"status":"modified"},{"patch":"@@ -0,0 +1,145 @@\n+\/*\n+ * Copyright (c) 2021, Oracle and\/or its affiliates. All rights reserved.\n+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.\n+ *\n+ * This code is free software; you can redistribute it and\/or modify it\n+ * under the terms of the GNU General Public License version 2 only, as\n+ * published by the Free Software Foundation.\n+ *\n+ * This code is distributed in the hope that it will be useful, but WITHOUT\n+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\n+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n+ * version 2 for more details (a copy is included in the LICENSE file that\n+ * accompanied this code).\n+ *\n+ * You should have received a copy of the GNU General Public License version\n+ * 2 along with this work; if not, write to the Free Software Foundation,\n+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n+ *\n+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA\n+ * or visit www.oracle.com if you need additional information or have any\n+ * questions.\n+ *\/\n+\n+\/*\n+ * @test\n+ * @bug 8255739\n+ * @library \/test\/lib\n+ * @summary CertificateFactory.generateCertificate should not read invalid\n+ * subjectAlternativeNames values.\n+ *\/\n+\n+import jdk.test.lib.process.ProcessTools;\n+import jdk.test.lib.process.OutputAnalyzer;\n+import java.util.Collection;\n+import java.io.ByteArrayInputStream;\n+import java.nio.charset.StandardCharsets;\n+import java.security.cert.CertificateException;\n+import java.security.cert.CertificateFactory;\n+import java.security.cert.X509Certificate;\n+\n+public class DNSNameErrorTest {\n+\n+ \/* Invalid SubjectAlternativeName without criticality\n+ * #1: ObjectId: 2.5.29.17 Criticality=false\n+ * SubjectAlternativeName [\n+ * DNSName: ???.com ??? is incorrect IA5String 'e2 84 a1'\n+ * DNSName: ???.com\n+ * ]\n+ *\/\n+ private static String invalidSANCertStr =\n+ \"-----BEGIN CERTIFICATE-----\\n\" +\n+ \"MIIBSDCB86ADAgECAhRLR4TGgXBegg0np90FZ1KPeWpDtjANBgkqhkiG9w0BAQsF\\n\" +\n+ \"ADASMRAwDgYDVQQDDAdmb28uY29tMCAXDTIwMTAyOTA2NTkwNVoYDzIxMjAxMDA1\\n\" +\n+ \"MDY1OTA1WjASMRAwDgYDVQQDDAdmb28uY29tMFwwDQYJKoZIhvcNAQEBBQADSwAw\\n\" +\n+ \"SAJBALQcTVW9aW++ClIV9\/9iSzijsPvQGEu\/FQOjIycSrSIheZyZmR8bluSNBq0C\\n\" +\n+ \"9fpalRKZb0S2tlCTi5WoX8d3K30CAwEAAaMfMB0wGwYDVR0RBBQwEoIH4oShLmNv\\n\" +\n+ \"bYIH4oSqLmNvbTANBgkqhkiG9w0BAQsFAANBAA1+\/eDvSUGv78iEjNW+1w3OPAwt\\n\" +\n+ \"Ij1qLQ\/YI8OogZPMk7YY46\/ydWWp7UpD47zy\/vKmm4pOc8Glc8MoDD6UADs=\\n\" +\n+ \"-----END CERTIFICATE-----\";\n+\n+ \/* Invalid SubjectAlternativeName with criticality\n+ * #1: ObjectId: 2.5.29.17 Criticality=true\n+ * SubjectAlternativeName [\n+ * DNSName: ???.com ??? is incorrect IA5String 'e2 84 a1'\n+ * DNSName: ???.com\n+ * ]\n+ *\/\n+ private static String invalidCriticalSANCertStr =\n+ \"-----BEGIN CERTIFICATE-----\\n\" +\n+ \"MIIBWTCCAQOgAwIBAgIEN5HYCDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdm\\n\" +\n+ \"b28uY29tMB4XDTIxMTIxNzA5MTEzMVoXDTIyMDMxNzA5MTEzMVowEjEQMA4GA1UE\\n\" +\n+ \"AxMHZm9vLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCQ\/I+QhhOmUywaRIv7\\n\" +\n+ \"zijFGL0grGZ\/iGkob+L0dlO8iZAvV9If8tyCSQY\/YDbmxP4X0JByOChJFZLERNrg\\n\" +\n+ \"8vk1AgMBAAGjQTA\/MB4GA1UdEQEB\/wQUMBKCB+KEoS5jb22CB+KEqi5jb20wHQYD\\n\" +\n+ \"VR0OBBYEFNSLW2LFszpr+rIc+ubAfGGLn64oMA0GCSqGSIb3DQEBCwUAA0EAgqU7\\n\" +\n+ \"lOMtR8l9ZyXYIro+c6PNdTF1m6xWHt4Eofyi70PFX4oGNT5dXc2sqO4tXnDFi804\\n\" +\n+ \"w3l4T5it0fa5qw50gQ==\\n\" +\n+ \"-----END CERTIFICATE-----\";\n+\n+ public static void main(String[] args) throws Exception {\n+\n+ if (args.length > 0) {\n+ String test = args[0];\n+ if (test.equals(\"nonCritical\")) {\n+ testNonCriticalName();\n+ }\n+ else if (test.equals(\"critical\")) {\n+ testCriticalName();\n+ }\n+ }\n+\n+ runTestNonCriticalName();\n+ runTestNonCriticalNameWithDBG();\n+ runTestCriticalName();\n+ }\n+\n+ private static void testNonCriticalName() throws Exception {\n+ \/\/ getSubjectAlternativeNames() doesn't throw an Exception and retrun null\n+ \/\/ when critical is not specified, even if it has incorrect strings.\n+ X509Certificate certificate = certificate(invalidSANCertStr);\n+ Collection<?> subjectAltNames = certificate.getSubjectAlternativeNames();\n+ if (subjectAltNames != null) {\n+ throw new RuntimeException(\"Read invalid subjectAlternativeNames.\");\n+ }\n+ System.out.println(\"Passed.\");\n+ }\n+\n+ private static void testCriticalName() throws Exception {\n+ \/\/ getSubjectAlternativeNames() should throw an Exception\n+ \/\/ when critical is specified and it has incorrect strings.\n+ X509Certificate certificate = certificate(invalidCriticalSANCertStr);\n+ Collection<?> subjectAltNames = certificate.getSubjectAlternativeNames();\n+ System.out.println(\"Failed.\");\n+ }\n+\n+ private static X509Certificate certificate(String certificate) throws CertificateException {\n+ return (X509Certificate) CertificateFactory.getInstance(\"X.509\")\n+ .generateCertificate(new ByteArrayInputStream(certificate.getBytes()));\n+ }\n+\n+ private static void runTestNonCriticalName() throws Exception {\n+ ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(\n+ \"DNSNameErrorTest\", \"nonCritical\");\n+ OutputAnalyzer output = ProcessTools.executeProcess(pb);\n+ output.shouldContain(\"Passed.\");\n+ }\n+\n+ static void runTestNonCriticalNameWithDBG() throws Exception {\n+ ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(\n+ \"-Djava.security.debug=x509\", \"DNSNameErrorTest\", \"nonCritical\");\n+ OutputAnalyzer output = ProcessTools.executeProcess(pb);\n+ output.shouldContain(\"java.io.IOException: Incorrect string value\");\n+ output.shouldContain(\"Caused by: java.nio.charset.MalformedInputException\");\n+ output.shouldContain(\"Passed.\");\n+ }\n+\n+ static void runTestCriticalName() throws Exception {\n+ ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(\n+ \"DNSNameErrorTest\", \"critical\");\n+ OutputAnalyzer output = ProcessTools.executeProcess(pb);\n+ output.shouldContain(\"java.io.IOException: Incorrect string value\");\n+ output.shouldContain(\"Caused by: java.nio.charset.MalformedInputException\");\n+ output.shouldNotContain(\"Failed.\");\n+ }\n+}\n","filename":"test\/jdk\/sun\/security\/x509\/GeneralName\/DNSNameErrorTest.java","additions":145,"deletions":0,"binary":false,"changes":145,"status":"added"}]}
0 commit comments