JDK-6931888 : Inconsistent behavior for invalid URI name in cert file
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u17
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris
  • CPU: sparc
  • Submitted: 2010-03-03
  • Updated: 2012-08-17
  • Resolved: 2012-08-17
JDK 8: 8 Resolved
Related Reports
Duplicate :  
Description
J2SE Version:
  java version "1.6.0_17"
  Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
  Java HotSpot(TM) Server VM (build 14.3-b01, mixed mode)

Operating System Configuration Information:
  SunOS sottecsweb 5.9 Generic_122300-28 sun4u sparc SUNW,Sun-Fire-280R

The cert contains the following in the CDP:
URL=file://\\DC\CRL\entrust_ca_crlfile.crl
Directory Address: CN=CRL1, O=entrust,C=ca

Trying to import this cert into a keystore using Java 1.6.0_17 on Solaris raises an exception:

bash-2.05# keytool -importcert -file cacert.crt -keystore parthy1.keystore
Enter keystore password:
Owner: O=entrust, C=ca
Issuer: O=entrust, C=ca
Serial number: 481b478c
Valid from: Fri May 02 12:25:41 EDT 2008 until: Tue May 02 12:55:41 EDT 2028
Certificate fingerprints:
MD5: 42:15:6A:37:A0:CD:17:B9:DE:DD:AF:F2:0D:E1:DB:9D
SHA1: 81:C8:C4:9F:31:4A:5B:EF:A6:3B:3A:C3:96:D4:CA:F8:BE:A1:4E:E6
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
From: Fri May 02 12:25:41 EDT 2008, To: Tue May 02 12:55:41 EDT 2028]

#2: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B .Px..mB....4....
0010: E5 4F 55 66 .OUf
]
]

#4: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

#5: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:file://\\DC\CRL\entrust_ca_crlfile.crl

0000: 30 66 30 36 A0 34 A0 32 A4 30 30 2E 31 0B 30 09 0f06.4.2.00.1.0.
0010: 06 03 55 04 06 13 02 63 61 31 10 30 0E 06 03 55 ..U....ca1.0...U
0020: 04 0A 13 07 65 6E 74 72 75 73 74 31 0D 30 0B 06 ....entrust1.0..
0030: 03 55 04 03 13 04 43 52 4C 31 30 2C A0 2A A0 28 .U....CRL10,.*.(
0040: 86 26 66 69 6C 65 3A 2F 2F 5C 5C 44 43 5C 43 52 .&file://\\DC\CR
0050: 4C 5C 65 6E 74 72 75 73 74 5F 63 61 5F 63 72 6C L\entrust_ca_crl
0060: 66 69 6C 65 2E 63 72 6C file.crl

#6: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

#7: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]

#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 02 50 78 CA 1D 6D 42 E5 AA B5 CA 34 85 A1 E1 0B .Px..mB....4....
0010: E5 4F 55 66 .OUf
]

]

Trust this certificate? [no]: yes
Certificate was added to keystore


"file://\\DC\CRL\entrust_ca_crlfile.crl" is not a valid URI due to the '\' characters.
However, the same cert imports without the exception if Java 1.6 on Windows is used.
There seems to be a discrepancy here.

Moreover, the main reason to have multiple CDPs in a certificate is for redundancy. 
If a particular CDP in a certificate is invalid, then it should be skipped till 
at least one CDP can be validated.
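
The skip-on-invalid behaviour requested above, as an added example (not code from this report or from the JDK): it walks the CRLDistributionPoints bytes shown in the hex dump of extension #5, extracts each URI under fullName, and tests it with java.net.URI so that an invalid entry is reported and skipped instead of failing the whole extension. The class and method names are hypothetical.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

class CdpUriCheck {
    // Extension #5 value, bytes copied from the hex dump in this report.
    static final String HEX = "30663036A034A032A430302E310B3009" + "0603550406130263613110300E060355"
        + "040A1307656E7472757374310D300B06" + "03550403130443524C31302CA02AA028"
        + "862666696C653A2F2F5C5C44435C4352" + "4C5C656E74727573745F63615F63726C" + "66696C652E63726C";

    // Reads one DER TLV at pos; returns {tag, valueStart, valueEnd}.
    static int[] tlv(byte[] b, int pos) {
        int tag = b[pos++] & 0xFF, len = b[pos++] & 0xFF, n = len > 0x80 ? len & 0x7F : 0;
        if (n > 0) len = 0;                        // long form: the next n bytes hold the length
        while (n-- > 0) len = (len << 8) | (b[pos++] & 0xFF);
        if (pos + len > b.length) throw new IllegalArgumentException("truncated DER");
        return new int[] {tag, pos, pos + len};
    }

    // Returns the TLVs directly inside [start, end) that carry the given tag.
    static List<int[]> children(byte[] b, int start, int end, int tag) {
        List<int[]> out = new ArrayList<>();
        for (int p = start; p < end; p = tlv(b, p)[2]) {
            int[] t = tlv(b, p);
            if (t[0] == tag) out.add(t);
        }
        return out;
    }

    // Collects every URI (GeneralName [6]) found under distributionPoint.fullName.
    static List<String> cdpUris(byte[] ext) {
        List<String> out = new ArrayList<>();
        int[] seq = tlv(ext, 0);                                          // SEQUENCE OF DistributionPoint
        for (int[] dp : children(ext, seq[1], seq[2], 0x30))
            for (int[] name : children(ext, dp[1], dp[2], 0xA0))          // [0] distributionPoint
                for (int[] full : children(ext, name[1], name[2], 0xA0))  // [0] fullName
                    for (int[] u : children(ext, full[1], full[2], 0x86)) // [6] URI
                        out.add(new String(ext, u[1], u[2] - u[1], StandardCharsets.US_ASCII));
        return out;
    }

    public static void main(String[] args) {
        byte[] ext = new byte[HEX.length() / 2];
        for (int i = 0; i < ext.length; i++) ext[i] = (byte) Integer.parseInt(HEX.substring(2 * i, 2 * i + 2), 16);
        for (String s : cdpUris(ext)) {
            try { System.out.println("usable CDP: " + new URI(s)); }
            catch (URISyntaxException e) { System.out.println("skipped CDP: " + e.getMessage()); }
        }
    }
}
```

The first distribution point in the dump is a directoryName ([4]), which this walker does not treat as a URI; only the second one carries the `file://` value that java.net.URI rejects.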