JDK-6418425 : javax.crypto.EncryptedPrivateKeyInfo constructor throws NumberFormatException
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 5.0
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: x86
  • Submitted: 2006-04-26
  • Updated: 2010-11-04
  • Resolved: 2006-05-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 b85Fixed
Related Reports
Relates :  
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
Linux miguel 2.6.12-12mdksmp #1 SMP Fri Sep 9 17:43:23 CEST 2005 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz unknown GNU/Linux


A DESCRIPTION OF THE PROBLEM :
One of the constructors of EncryptedPrivateKeyInfo expects an algorithm name (as a string).
If the string is not a valid Object Identifier, but contains dots, the constructor throws  NumberFormatException, when it should throw NoSuchAlgorithmException.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Calling a the constructor with a string such as "1.2.3.", or "1.2.3.a", or "a.a" causes NumberFormatException to be thrown. For instance
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo("aa.aa", new byte[8]);

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The exception NoSuchAlgorithmException should be thrown, like
java.security.NoSuchAlgorithmException: unrecognized algorithm name: aa.aa
	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:105)
	at javax.crypto.EncryptedPrivateKeyInfo.<init>(DashoA12275)
	at TestOid.main(TestOid.java:16)
ACTUAL -
The exception NumberFormatException is thrown:
Exception in thread "main" java.lang.NumberFormatException: For input string: "aa"
	at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
	at java.lang.Integer.parseInt(Integer.java:447)
	at java.lang.Integer.valueOf(Integer.java:553)
	at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:69)
	at sun.security.x509.AlgorithmId.algOID(AlgorithmId.java:312)
	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:98)
	at javax.crypto.EncryptedPrivateKeyInfo.<init>(DashoA12275)
	at TestOid.main(TestOid.java:16)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.security.NoSuchAlgorithmException;
import javax.crypto.EncryptedPrivateKeyInfo;

public class TestEPKI {

	public static void main(String[] args){
		String[] oids = {"1.2.3.4", "aa","aa.aa"};
		for (String s:oids){
			EncryptedPrivateKeyInfo epki;
			try {
				epki = new EncryptedPrivateKeyInfo(s,new byte[8]);
				System.out.println(s+ " has not been detected as invalid");
			} catch (NoSuchAlgorithmException e) {
				System.out.println(s+ " has been detected as invalid");
			} catch (NumberFormatException e){
				System.out.println(s+": This exception should not have been thrown");
			}
		}
	}

---------- END SOURCE ----------

Comments
EVALUATION The three related CRs are 6418422, 6418425 (this one), and 6418433.
26-04-2006

EVALUATION See also 6418422. Same underlying problem as there. Not sure why two bugs were necessary.
26-04-2006