Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL::X509::Certificate regression in 1.7.20 #42

Closed
ylansegal opened this issue May 12, 2015 · 2 comments
Closed

OpenSSL::X509::Certificate regression in 1.7.20 #42

ylansegal opened this issue May 12, 2015 · 2 comments

Comments

@ylansegal
Copy link

Dear maintainers,

There seems to be a regression in jruby-1.7.20 with regards to X509 certificates. I am getting a java.lang.NullPointerException.

Here is what I am running:

# jruby_bug.rb
require 'openssl'
puts RUBY_DESCRIPTION
cert_text = "0\x82\x01\xAD0\x82\x01\xA1\xA0\x03\x02\x01\x02\x02\x01\x010\x03\x06\x01\x000g1\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\b\f\nCalifornia1\x150\x13\x06\x03U\x04\a\f\fSanta Monica1\x110\x0F\x06\x03U\x04\n\f\bOneLogin1\x190\x17\x06\x03U\x04\x03\f\x10app.onelogin.com0\x1E\x17\r100309095845Z\x17\r150309095845Z0g1\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\b\f\nCalifornia1\x150\x13\x06\x03U\x04\a\f\fSanta Monica1\x110\x0F\x06\x03U\x04\n\f\bOneLogin1\x190\x17\x06\x03U\x04\x03\f\x10app.onelogin.com0\x81\x9F0\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x03\x81\x8D\x000\x81\x89\x02\x81\x81\x00\xE8\xD2\xBBW\xE3?/\x1D\xE7\x0E\x10\xC8\xBD~\xCD\xDE!#\rL\x92G\xDF\xE1f?L\xB1\xBC9\x99\x14\xE5\x84\xD2Zi\x87<>d\xBD\x81\xF9\xBA\x85\xD2\xFF\xAA\x90\xF3Z\x97\xA5\x1D\xB0W\xC0\x93\xA3\x06IP\xB84\xF5\xD7Qu\x19\xFCB\xCA\xA3\xD4\\\x8E\v\x9B%\x13|\xB6m\x9D\xA8\x16\xE6\xBB\xDA\x87\xFF\xE3\xD7\xE9\xBA9\xC5O\xA2\xA7C\xADB\x04\xCA\xA5\x0E\x84\xD0\xA8\xE4\xFA\xDA\xF1\x89\xF2s\xFA1\x95\xAF\x03\xAB1\xAA\xE7y\x02\x03\x01\x00\x010\x03\x06\x01\x00\x03\x01\x00"
cert = OpenSSL::X509::Certificate.new(cert_text)
puts cert

When I run in jruby-1.7.19:

$ ruby jruby_bug.rb
jruby 1.7.19 (1.9.3p551) 2015-01-29 20786bd on Java HotSpot(TM) 64-Bit Server VM 1.8.0_45-b14 +jit [darwin-x86_64]
-----BEGIN CERTIFICATE-----
MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
YWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxv
Z2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMB4XDTEwMDMwOTA5NTg0NVoX
DTE1MDMwOTA5NTg0NVowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFTATBgNVBAcMDFNhbnRhIE1vbmljYTERMA8GA1UECgwIT25lTG9naW4xGTAX
BgNVBAMMEGFwcC5vbmVsb2dpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOjSu1fjPy8d5w4QyL1+zd4hIw1Mkkff4WY/TLG8OZkU5YTSWmmHPD5kvYH5
uoXS/6qQ81qXpR2wV8CTowZJULg09ddRdRn8Qsqj1FyOC5slE3y2bZ2oFua72of/
49fpujnFT6KnQ61CBMqlDoTQqOT62vGJ8nP6MZWvA6sxqud5AgMBAAEwAwYBAAMB
AA==
-----END CERTIFICATE-----

In jruby-1.7.20:

$ ruby jruby_bug.rb
jruby 1.7.20 (1.9.3p551) 2015-05-04 3086e6a on Java HotSpot(TM) 64-Bit Server VM 1.8.0_45-b14 +jit [darwin-x86_64]
ASN1.java:501:in `oid2name': java.lang.NullPointerException: nid not found for oid = '0.0' (org.jruby.Ruby@55f96302)
    from ASN1.java:519:in `oid2name'
    from X509Cert.java:215:in `initialize'
    from X509Cert.java:181:in `initialize'
    from X509Cert$INVOKER$i$0$1$initialize.gen:-1:in `call'
    from DynamicMethod.java:210:in `call'
    from CachingCallSite.java:336:in `cacheAndCall'
    from CachingCallSite.java:179:in `callBlock'
    from CachingCallSite.java:183:in `call'
    from RubyClass.java:856:in `newInstance'
    from RubyClass$INVOKER$i$newInstance.gen:-1:in `call'
    from JavaMethod.java:301:in `call'
    from CachingCallSite.java:326:in `cacheAndCall'
    from CachingCallSite.java:170:in `call'
    from jruby_bug.rb:4:in `__file__'
    from jruby_bug.rb:-1:in `load'
    from Ruby.java:867:in `runScript'
    from Ruby.java:860:in `runScript'
    from Ruby.java:729:in `runNormally'
    from Ruby.java:578:in `runFromMain'
    from Main.java:395:in `doRunFromMain'
    from Main.java:290:in `internalRun'
    from Main.java:217:in `run'
    from Main.java:197:in `main'

For reference, in MRI:

$ ruby jruby_bug.rb
ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin14]
-----BEGIN CERTIFICATE-----
MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
YWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxv
Z2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMB4XDTEwMDMwOTA5NTg0NVoX
DTE1MDMwOTA5NTg0NVowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFTATBgNVBAcMDFNhbnRhIE1vbmljYTERMA8GA1UECgwIT25lTG9naW4xGTAX
BgNVBAMMEGFwcC5vbmVsb2dpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOjSu1fjPy8d5w4QyL1+zd4hIw1Mkkff4WY/TLG8OZkU5YTSWmmHPD5kvYH5
uoXS/6qQ81qXpR2wV8CTowZJULg09ddRdRn8Qsqj1FyOC5slE3y2bZ2oFua72of/
49fpujnFT6KnQ61CBMqlDoTQqOT62vGJ8nP6MZWvA6sxqud5AgMBAAEwAwYBAAMB
AA==
-----END CERTIFICATE-----

By the way, I noticed this while working to get the ruby-saml gem to support jruby explicitly. I have a PR open against the project for jruby-1.7.19, but that same branch fails because of this issue in jruby-1.7.20.

SAML-Toolkits/ruby-saml#234

Please let me know if you need more information.
@ylansegal ylansegal mentioned this issue May 21, 2015
Merged
@kares
Copy link
Member

kares commented May 28, 2015

this regression is due an attempt to fix a 0.9.6 cert regression which was caused due incompatibility :)

... did assume we won't get "incorrectly" formatted cert PEM/DERs but seems I was wrong, here's a to_text of the given ceritiface under MRI :

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: itu-t
        Issuer: C=US, ST=California, L=Santa Monica, O=OneLogin, CN=app.onelogin.com
        Validity
            Not Before: Mar  9 09:58:45 2010 GMT
            Not After : Mar  9 09:58:45 2015 GMT
        Subject: C=US, ST=California, L=Santa Monica, O=OneLogin, CN=app.onelogin.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e8:d2:bb:57:e3:3f:2f:1d:e7:0e:10:c8:bd:7e:
                    cd:de:21:23:0d:4c:92:47:df:e1:66:3f:4c:b1:bc:
                    39:99:14:e5:84:d2:5a:69:87:3c:3e:64:bd:81:f9:
                    ba:85:d2:ff:aa:90:f3:5a:97:a5:1d:b0:57:c0:93:
                    a3:06:49:50:b8:34:f5:d7:51:75:19:fc:42:ca:a3:
                    d4:5c:8e:0b:9b:25:13:7c:b6:6d:9d:a8:16:e6:bb:
                    da:87:ff:e3:d7:e9:ba:39:c5:4f:a2:a7:43:ad:42:
                    04:ca:a5:0e:84:d0:a8:e4:fa:da:f1:89:f2:73:fa:
                    31:95:af:03:ab:31:aa:e7:79
                Exponent: 65537 (0x10001)
    Signature Algorithm: itu-t

NOTE Signature Algorithm: itu-t ... which seems to be a "unknown" (null) value used :(

... fix should be on the way, thank you for the report!

@kares kares closed this as completed in 0fe8de8 May 28, 2015
@ylansegal
Copy link
Author

@kares Thank you for addressing this!

@ylansegal ylansegal mentioned this issue Jun 15, 2015
Closed
@ylansegal ylansegal mentioned this issue Jul 23, 2015
Closed
@pitbulk pitbulk mentioned this issue Mar 5, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kares @ylansegal