JDK-8080123 : StringIndexOutOfBoundsException in CertUtils.checkWildcardDomain
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 8u60,9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2015-03-25
  • Updated: 2017-03-27
  • Resolved: 2015-05-27
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 JDK 9
7u171Fixed 8u60Fixed 9 b70Fixed
Description
FULL PRODUCT VERSION :
java version "1.8.0_60-ea"
Java(TM) SE Runtime Environment (build 1.8.0_60-ea-b05)
Java HotSpot(TM) 32-Bit Server VM (build 25.60-b05, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

EXTRA RELEVANT SYSTEM CONFIGURATION :
Certificates used by the Webserver

-----BEGIN CERTIFICATE-----
MIISIjCCEQqgAwIBAgIKGE5vtgAAAAAFQTANBgkqhkiG9w0BAQUFADBMMRMwEQYK
CZImiZPyLGQBGRYDcmRiMRswGQYKCZImiZPyLGQBGRYLdW5pdGVkcHJpbnQxGDAW
BgNVBAMTD3VuaXRlZHByaW50LXJkYjAeFw0xNDA2MDIxNTQwNTBaFw0xNjA2MDIx
NTUwNTBaMH4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZTYXhvbnkxETAPBgNVBAcT
CFJhZGViZXVsMRswGQYDVQQKExJ1bml0ZWRwcmludC5jb20gU0UxLjAsBgNVBAMM
JSoudW5pdGVkcHJpbnQuY29tLmRlbG8ucHJpbnQyNHRlc3QuZGUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NHZo9z6cGOnNGvrhzhUj0gqczklP294m
OvsoDaWtJrKQ0UC5vP5FTotzuCdzBRBzs2vXieCZTj+JEWBvKd2cWCVz4ebM6v1C
0tLZD/OgZGaiafRiYEO8Yb6aubV14Ej7b+wzk9n0sayj/8l0iQE9bsTckpnUQHaV
g3mor1sM9Bw99TP1SyVn8EbWIuJ/W0vDX0Sc9hkDE5wrlrb+WN8OneF4fNfTuUse
MZHJ5oHhtNJGu1pIz28K1XIZ/Bdd+XdDbKpai1XgfWRKPoVP0CLgnfoxauV9h9Yr
37uGpBQs27uFGFdW+yKbAxbIpEN3ZLdxHIcB3Wf0db0OQPgEXihtAgMBAAGjgg7S
MIIOzjAOBgNVHQ8BAf8EBAMCBaAwggwlBgNVHREEggwcMIIMGIIlKi51bml0ZWRw
cmludC5jb20uZGVsby5wcmludDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20u
bGlsby5wcmludDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20ub25sby5wcmlu
dDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20ucmVsby5wcmludDI0dGVzdC5k
ZYIiKi5nZXRwcmludC5jb20uZGVsby5wcmludDI0dGVzdC5kZYIiKi5nZXRwcmlu
dC5jb20ubGlsby5wcmludDI0dGVzdC5kZYIiKi5nZXRwcmludC5jb20ub25sby5w
cmludDI0dGVzdC5kZYIiKi5nZXRwcmludC5jb20ucmVsby5wcmludDI0dGVzdC5k
ZYIjKi5wcmludHdoYXQuY29tLmRlbG8ucHJpbnQyNHRlc3QuZGWCIyoucHJpbnR3
aGF0LmNvbS5saWxvLnByaW50MjR0ZXN0LmRlgiMqLnByaW50d2hhdC5jb20ub25s
by5wcmludDI0dGVzdC5kZYIjKi5wcmludHdoYXQuY29tLnJlbG8ucHJpbnQyNHRl
c3QuZGWCJCouZmlyc3RwcmludC5jb20uZGVsby5wcmludDI0dGVzdC5kZYIkKi5m
aXJzdHByaW50LmNvbS5saWxvLnByaW50MjR0ZXN0LmRlgiQqLmZpcnN0cHJpbnQu
Y29tLm9ubG8ucHJpbnQyNHRlc3QuZGWCJCouZmlyc3RwcmludC5jb20ucmVsby5w
cmludDI0dGVzdC5kZYImKi5lYXN5cHJpbnRpbmcuY29tLmRlbG8ucHJpbnQyNHRl
c3QuZGWCJiouZWFzeXByaW50aW5nLmNvbS5saWxvLnByaW50MjR0ZXN0LmRlgiYq
LmVhc3lwcmludGluZy5jb20ub25sby5wcmludDI0dGVzdC5kZYImKi5lYXN5cHJp
bnRpbmcuY29tLnJlbG8ucHJpbnQyNHRlc3QuZGWCIyoucHJpbnR3aGF0LmNvbS5k
ZWxvLnByaW50MjR0ZXN0LmRlgiMqLnByaW50d2hhdC5jb20ubGlsby5wcmludDI0
dGVzdC5kZYIjKi5wcmludHdoYXQuY29tLm9ubG8ucHJpbnQyNHRlc3QuZGWCIyou
cHJpbnR3aGF0LmNvbS5yZWxvLnByaW50MjR0ZXN0LmRlgiEqLnByaW50MjQuY29t
LmRlbG8ucHJpbnQyNHRlc3QuZGWCISoucHJpbnQyNC5jb20ubGlsby5wcmludDI0
dGVzdC5kZYIhKi5wcmludDI0LmNvbS5vbmxvLnByaW50MjR0ZXN0LmRlgiEqLnBy
aW50MjQuY29tLnJlbG8ucHJpbnQyNHRlc3QuZGWCJSoudW5pdGVkcHJpbnQucmRi
LmRlbG8ucHJpbnQyNHRlc3QuZGWCJSoudW5pdGVkcHJpbnQucmRiLmxpbG8ucHJp
bnQyNHRlc3QuZGWCJSoudW5pdGVkcHJpbnQucmRiLm9ubG8ucHJpbnQyNHRlc3Qu
ZGWCJSoudW5pdGVkcHJpbnQucmRiLnJlbG8ucHJpbnQyNHRlc3QuZGWCISoucHJp
bnQyNC5uZXQuZGVsby5wcmludDI0dGVzdC5kZYIhKi5wcmludDI0Lm5ldC5saWxv
LnByaW50MjR0ZXN0LmRlgiEqLnByaW50MjQubmV0Lm9ubG8ucHJpbnQyNHRlc3Qu
ZGWCISoucHJpbnQyNC5uZXQucmVsby5wcmludDI0dGVzdC5kZYIfcHJpbnQyNC5j
b20uZGVsby5wcmludDI0dGVzdC5kZYIfcHJpbnQyNC5jb20ubGlsby5wcmludDI0
dGVzdC5kZYIfcHJpbnQyNC5jb20ub25sby5wcmludDI0dGVzdC5kZYIfcHJpbnQy
NC5jb20ucmVsby5wcmludDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20uZGV0
cy5wcmludDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20ubGl0cy5wcmludDI0
dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20ub250cy5wcmludDI0dGVzdC5kZYIl
Ki51bml0ZWRwcmludC5jb20ucmV0cy5wcmludDI0dGVzdC5kZYIiKi5nZXRwcmlu
dC5jb20uZGV0cy5wcmludDI0dGVzdC5kZYIiKi5nZXRwcmludC5jb20ubGl0cy5w
cmludDI0dGVzdC5kZYIiKi5nZXRwcmludC5jb20ub250cy5wcmludDI0dGVzdC5k
ZYIiKi5nZXRwcmludC5jb20ucmV0cy5wcmludDI0dGVzdC5kZYIjKi5wcmludHdo
YXQuY29tLmRldHMucHJpbnQyNHRlc3QuZGWCIyoucHJpbnR3aGF0LmNvbS5saXRz
LnByaW50MjR0ZXN0LmRlgiMqLnByaW50d2hhdC5jb20ub250cy5wcmludDI0dGVz
dC5kZYIjKi5wcmludHdoYXQuY29tLnJldHMucHJpbnQyNHRlc3QuZGWCJCouZmly
c3RwcmludC5jb20uZGV0cy5wcmludDI0dGVzdC5kZYIkKi5maXJzdHByaW50LmNv
bS5saXRzLnByaW50MjR0ZXN0LmRlgiQqLmZpcnN0cHJpbnQuY29tLm9udHMucHJp
bnQyNHRlc3QuZGWCJCouZmlyc3RwcmludC5jb20ucmV0cy5wcmludDI0dGVzdC5k
ZYImKi5lYXN5cHJpbnRpbmcuY29tLmRldHMucHJpbnQyNHRlc3QuZGWCJiouZWFz
eXByaW50aW5nLmNvbS5saXRzLnByaW50MjR0ZXN0LmRlgiYqLmVhc3lwcmludGlu
Zy5jb20ub250cy5wcmludDI0dGVzdC5kZYImKi5lYXN5cHJpbnRpbmcuY29tLnJl
dHMucHJpbnQyNHRlc3QuZGWCIyoucHJpbnR3aGF0LmNvbS5kZXRzLnByaW50MjR0
ZXN0LmRlgiMqLnByaW50d2hhdC5jb20ubGl0cy5wcmludDI0dGVzdC5kZYIjKi5w
cmludHdoYXQuY29tLm9udHMucHJpbnQyNHRlc3QuZGWCIyoucHJpbnR3aGF0LmNv
bS5yZXRzLnByaW50MjR0ZXN0LmRlgiEqLnByaW50MjQuY29tLmRldHMucHJpbnQy
NHRlc3QuZGWCISoucHJpbnQyNC5jb20ubGl0cy5wcmludDI0dGVzdC5kZYIhKi5w
cmludDI0LmNvbS5vbnRzLnByaW50MjR0ZXN0LmRlgiEqLnByaW50MjQuY29tLnJl
dHMucHJpbnQyNHRlc3QuZGWCJSoudW5pdGVkcHJpbnQucmRiLmRldHMucHJpbnQy
NHRlc3QuZGWCJSoudW5pdGVkcHJpbnQucmRiLmxpdHMucHJpbnQyNHRlc3QuZGWC
JSoudW5pdGVkcHJpbnQucmRiLm9udHMucHJpbnQyNHRlc3QuZGWCJSoudW5pdGVk
cHJpbnQucmRiLnJldHMucHJpbnQyNHRlc3QuZGWCISoucHJpbnQyNC5uZXQuZGV0
cy5wcmludDI0dGVzdC5kZYIhKi5wcmludDI0Lm5ldC5saXRzLnByaW50MjR0ZXN0
LmRlgiEqLnByaW50MjQubmV0Lm9udHMucHJpbnQyNHRlc3QuZGWCISoucHJpbnQy
NC5uZXQucmV0cy5wcmludDI0dGVzdC5kZYIfcHJpbnQyNC5jb20uZGV0cy5wcmlu
dDI0dGVzdC5kZYIfcHJpbnQyNC5jb20ubGl0cy5wcmludDI0dGVzdC5kZYIfcHJp
bnQyNC5jb20ub250cy5wcmludDI0dGVzdC5kZYIfcHJpbnQyNC5jb20ucmV0cy5w
cmludDI0dGVzdC5kZYIfcHJpbnQyNC5jb20ubGZsby5wcmludDI0dGVzdC5kZYIf
cHJpbnQyNC5jb20ubGZ0cy5wcmludDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5j
b20ubGZsby5wcmludDI0dGVzdC5kZYIlKi51bml0ZWRwcmludC5jb20ubGZ0cy5w
cmludDI0dGVzdC5kZTAdBgNVHQ4EFgQUFhVDOa3/sycqssHAAa+b+f1GCA0wHwYD
VR0jBBgwFoAUTZg9lxR5VIIdZnhDTECXBK8zdWMwgdIGA1UdHwSByjCBxzCBxKCB
waCBvoaBu2xkYXA6Ly8vQ049dW5pdGVkcHJpbnQtcmRiLENOPVJEQlNDMDAxLENO
PUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
b25maWd1cmF0aW9uLERDPXVuaXRlZHByaW50LERDPXJkYj9jZXJ0aWZpY2F0ZVJl
dm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9p
bnQwgcUGCCsGAQUFBwEBBIG4MIG1MIGyBggrBgEFBQcwAoaBpWxkYXA6Ly8vQ049
dW5pdGVkcHJpbnQtcmRiLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNl
cyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPXVuaXRlZHByaW50LERD
PXJkYj9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv
bkF1dGhvcml0eTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiC57BNgY7zeIfF
lSiCzLcMh72JXoEdhfC/KobxoTwCAWUCAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
GwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDATBEBgkqhkiG9w0BCQ8ENzA1MA4G
CCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhvcN
AwcwDQYJKoZIhvcNAQEFBQADggEBAA/NUfmva5bJeyfw4EhwjNBmoG1eRfhAC7FV
GOQBMcf2K9pqiRtC+QUfzWp4pKA/IZVMwG04wyKwbmJAf6jsb9vrSKqKdgj2skhe
GSX1Ydj4Hi9hlKT9J5gtkw0Ov+rqiHNVXOurODi/V9Wanja6BoFWpxxwm6bG0w2G
qzDtDBRriPudeU/mDtq7jEQTSlfMGEe8JNg4SpVJdaji1OaJ+liojKvujuKDmsHJ
CaOg6kA4n5Xsq7HwAJO9wn+tXuxjLFU7QuuMyDY+93gb1MQ0IS/cuEkhO4P2jU6S
CjAPF748FFceBbQTcbCBRjkZTw3sMMebWwSFscpb8x9x9MXw270=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQTNqhG0ybB4VJVXjW/2TOzzANBgkqhkiG9w0BAQUFADBM
MRMwEQYKCZImiZPyLGQBGRYDcmRiMRswGQYKCZImiZPyLGQBGRYLdW5pdGVkcHJp
bnQxGDAWBgNVBAMTD3VuaXRlZHByaW50LXJkYjAeFw0xMjEyMTEwODIzMjhaFw0y
MjEyMTEwODMzMjZaMEwxEzARBgoJkiaJk/IsZAEZFgNyZGIxGzAZBgoJkiaJk/Is
ZAEZFgt1bml0ZWRwcmludDEYMBYGA1UEAxMPdW5pdGVkcHJpbnQtcmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0Y8qapmYsOLKNouKTjs4mZTj/q7
rIr1n1QOa57lV3NcppsXoVrhD9n/ghzv50IJG3gFrs4IHJYMK3OhRHGf+Jm/y8Yb
Z9cTo9o3aQa4wfQL3LPKI3Rzdw4sFQ2d60xBFvwvTLdzzbBZXXzBdDVrygHgE4PJ
VLhcOzYfzvjrrBuQJts3YSJ7f7Wi7EhZcGgDlpeS4YjS2TwAeIVx1r1rnfI3rwh8
riNwE+8gD3MAmn7vZotOgWt0cN6u6dPcTw7cNWr+1wUEmUQpgj2Pt7RLd6gh5td1
M1+0Rl0bCBx9rhnYzO3selsn1A8uKNF7KxunQEAoaEwzdk2RgF3MnvsWVwIDAQAB
o2kwZzATBgkrBgEEAYI3FAIEBh4EAEMAQTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUTZg9lxR5VIIdZnhDTECXBK8zdWMwEAYJKwYB
BAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBACN+euJI9sVBdEBHgm+3VSNb
zBMuCaBQp2LqoJeY5vuvo9YyhnLdK5FiDoJaTV3N/3mhC0fgIVWo87KNe0QTwuYA
uOJzWegbGiO06ZQaGFZaDrc8Pi4oLDLTlzLModDP6heDCLX234Retnbgss2zadr+
aErcVF8FhI7Ja691Nji8S7W1j+Gmt/GAHLyTVe18+jE0DtrHPBv77JJG5WYugKKU
Mgvf1XcNSY0y9DAcdjr3nljPCrjPmrZK2Q5Ak8Y6+xCkhSTXb0o17j0KYFDp9Qwq
oiV45c63Hy7dzHlwyUXeJuPwiKuWBYaV+HdFlFDMk3tU3kwIXmwmwQLjonSm18Q=
-----END CERTIFICATE-----


A DESCRIPTION OF THE PROBLEM :
Accessing our internal url https://print24.com.dets.print24test.de/de/ from an Webstart application with
new URL("https://print24.com.dets.print24test.de").openConnection().getInputStream();

fails with java.lang.StringIndexOutOfBoundsException: String index out of range: -5 in com.sun.deploy.security.CertUtils.checkWildcardDomain.
See log output below. The same code works with java 8u40.



REGRESSION.  Last worked in version 8u40


ERROR MESSAGES/STACK TRACES THAT OCCUR :
network: Verbindung von https://print24.com.dets.print24test.de/de/cgi-bin/up_portals.cgi?module=catalogue&availabilityTypeId=3&options=product%7E1635&portalName=easyprint&countryCode=DE&languageCode=de&shippingDestinationChoice=1 mit Proxy=DIRECT wird hergestellt
network: Verbindung von http://print24.com.dets.print24test.de:443/ mit Proxy=DIRECT wird hergestellt
security: SSL-Root-CA-Zertifikate werden aus C:\Program Files (x86)\Java\jre1.8.0_60\lib\security\cacerts geladen
security: SSL-Root-CA-Zertifikate aus C:\Program Files (x86)\Java\jre1.8.0_60\lib\security\cacerts geladen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikate werden aus Deployment-Session-Zertifikatspeicher geladen
security: Zertifikate wurden aus Deployment-Session-Zertifikatspeicher geladen
security: SHA-256Certificate finger print: A8C15FB30FD20D6CAD5D7409951EEA211131E27540712EFD956B4EB8A59075DE
security: SSL-Zertifikat wird im permanenten Deployment-Zertifikatspeicher gesucht
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikate werden aus Deployment-Session-Zertifikatspeicher geladen
security: Zertifikate wurden aus Deployment-Session-Zertifikatspeicher geladen
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Verbindung von http://localhost:389/ mit Proxy=DIRECT wird hergestellt

security: Revocation Status Unknown
 com.sun.deploy.security.RevocationChecker$StatusUnknownException: Certificate does not specify OCSP responder
 	at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
 	at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
 	at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
 	at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
 	at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
 	at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
 	at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
 	at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
 	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
 	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
 	at sun.security.ssl.Handshaker.process_record(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 	at java.security.AccessController.doPrivileged(Native Method)
 	at java.security.AccessController.doPrivileged(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.readCatalogue(SourceFile)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.doReadCatalogueData(SourceFile)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.doReadCatalogueData(SourceFile)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.readCatalogueByProductOptionId(SourceFile)
 	at com.infowerk.fx.unitedprint.ctrl.UnitedPrintMainPresenter$3.call(SourceFile)
 	at com.infowerk.fx.unitedprint.ctrl.UnitedPrintMainPresenter$3.call(SourceFile)
 	at javafx.concurrent.Task$TaskCallable.call(Unknown Source)
 	at java.util.concurrent.FutureTask.run(Unknown Source)
 	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
 	at java.util.concurrent.FutureTask.run(Unknown Source)
 	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
 	at java.lang.Thread.run(Unknown Source)
 	Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
 		at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
 		... 38 more

 java.lang.StringIndexOutOfBoundsException: String index out of range: -5
 	at java.lang.String.substring(Unknown Source)
 	at com.sun.deploy.security.CertUtils.checkWildcardDomain(Unknown Source)
 	at com.sun.deploy.security.CertUtils.checkWildcardDomainList(Unknown Source)
 	at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
 	at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
 	at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
 	at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
 	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
 	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
 	at sun.security.ssl.Handshaker.process_record(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 	at java.security.AccessController.doPrivileged(Native Method)
 	at java.security.AccessController.doPrivileged(Unknown Source)
 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.readCatalogue(SourceFile)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.doReadCatalogueData(SourceFile)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.doReadCatalogueData(SourceFile)
 	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.readCatalogueByProductOptionId(SourceFile)
 	at com.infowerk.fx.unitedprint.ctrl.UnitedPrintMainPresenter$3.call(SourceFile)
 	at com.infowerk.fx.unitedprint.ctrl.UnitedPrintMainPresenter$3.call(SourceFile)
 	at javafx.concurrent.Task$TaskCallable.call(Unknown Source)
 	at java.util.concurrent.FutureTask.run(Unknown Source)
 	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
 	at java.util.concurrent.FutureTask.run(Unknown Source)
 	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
 	at java.lang.Thread.run(Unknown Source)

	
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server 
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.AccessController.doPrivileged(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.readCatalogue(SourceFile)
	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.doReadCatalogueData(SourceFile)
	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.doReadCatalogueData(SourceFile)
	at com.infowerk.fx.unitedprint.catalogue.CatalogueService.readCatalogueByProductOptionId(SourceFile)
	at com.infowerk.fx.unitedprint.ctrl.UnitedPrintMainPresenter$3.call(SourceFile)
	at com.infowerk.fx.unitedprint.ctrl.UnitedPrintMainPresenter$3.call(SourceFile)
	at javafx.concurrent.Task$TaskCallable.call(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Java couldn't trust Server 
	at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
	at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
	at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
	... 31 more


REPRODUCIBILITY :
This bug can be reproduced always.


Comments
Crucible review: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-1061
21-05-2015

How come startIdx is -5 ? That's why I need a test. startIdx is taken from indexOf operation which can only return -1: http://docs.oracle.com/javase/6/docs/api/java/lang/String.html#indexOf%28java.lang.String%29 So it's either a tricky case for which I need a test or a bug in String.indexOf
20-05-2015

Need a better reproducer. I can't access the internal site: https://.dets.print24test.de/de/
20-05-2015

need to tighten up our substring checks. Most likely related to JDK-8065082
12-05-2015