JDK-6524763 : org.ietf.jgss.Oid does not handle proper OID's i.e. 2.40.3.8
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2007-02-14
  • Updated: 2010-04-04
  • Resolved: 2007-02-14
Related Reports
Duplicate :  
JDK-6418433 - org.ietf.jgss.Oid constructor accepts invalid values (and rejects valid values)
Description
FULL PRODUCT VERSION :
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)

A DESCRIPTION OF THE PROBLEM :
OIDs are assigned by agencies without regard to existing software libraries.

The Oid class must no assume that a given dotted notation is invalid due to its prior inexistence.

i.e.:
http://asn1.elibel.tm.fr/oid/doc/TD3169r1.html



ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" GSSException: Improperly formatted Object Identifier String - 2.40.3.8
        at org.ietf.jgss.Oid.<init>(Unknown Source)
        at test.main(test.java:7)




REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import org.ietf.jgss.Oid;

public class test
{
 public static void main(String[] args) throws Throwable
 {
  System.out.println(new Oid(new Oid(args[0]).getDER()));
 }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Have to write own OID class, have to write own x509 classes...
Comments
EVALUATION This has already been fixed in JDK 6.
14-02-2007