FULL PRODUCT VERSION : java version "1.6.0_18" Java(TM) SE Runtime Environment (build 1.6.0_18-b07) Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing) ADDITIONAL OS VERSION INFORMATION : Windows XP SP3 A DESCRIPTION OF THE PROBLEM : When timestamping a request jarsigner crashes with a null pointer exception: jarsigner error: java.lang.NullPointerException java.lang.NullPointerException at sun.security.tools.TimestampedSigner.generateTimestampToken(Timestamp edSigner.java:346) at sun.security.tools.TimestampedSigner.generateSignedData(TimestampedSi gner.java:211) at sun.security.tools.SignatureFile$Block.<init>(JarSigner.java:1979) at sun.security.tools.SignatureFile.generateBlock(JarSigner.java:1876) at sun.security.tools.JarSigner.signJar(JarSigner.java:1024) at sun.security.tools.JarSigner.run(JarSigner.java:203) at sun.security.tools.JarSigner.main(JarSigner.java:74) The reason seems to be that line 376/377 extracts the keyPurposes. keyPurposes = cert.getExtendedKeyUsage(); The keyPurposes variable is null after this statement. The certificate used for timestamping defininitely has the extendedKeyUsage Fields set and it includes the KP_TIMESTAMPING_OID OID. To make this reproducible, I captured the network traffic that is sent from the timestamp-server and try to attach the pcap file as well as the certificate used for timestamping. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Use jarsigner to sign and timestamp a jar-file with the attached certificate. EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - Jar file gets timestamped correctly, extended key usage can be extracted correctly from the timestamp server reply. ACTUAL - see description, jarsigner crashes because the extended key usage field can't be extracted correctly. ERROR MESSAGES/STACK TRACES THAT OCCUR : see description REPRODUCIBILITY : This bug can be reproduced always. CUSTOMER SUBMITTED WORKAROUND : unknown
|