From edd9d1c97b7fb50e76abc05d298c9d55db39cc1b Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Wed, 29 Sep 2021 15:37:16 +0000 Subject: [PATCH] 8274330: Incorrect encoding of the DistributionPointName object in IssuingDistributionPointExtension Reviewed-by: ascarpino --- .../IssuingDistributionPointExtension.java | 5 +- ...ingDistributionPointExtensionEncoding.java | 49 +++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 test/jdk/sun/security/x509/Extensions/IssuingDistributionPointExtensionEncoding.java diff --git a/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java b/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java index bc0df11a8a231..d810cf012ae46 100644 --- a/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java +++ b/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -393,7 +393,8 @@ private void encodeThis() throws IOException { if (distributionPoint != null) { DerOutputStream tmp = new DerOutputStream(); distributionPoint.encode(tmp); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true, + // DistributionPointName is CHOICE. Do not writeImplicit. + tagged.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_DISTRIBUTION_POINT), tmp); } diff --git a/test/jdk/sun/security/x509/Extensions/IssuingDistributionPointExtensionEncoding.java b/test/jdk/sun/security/x509/Extensions/IssuingDistributionPointExtensionEncoding.java new file mode 100644 index 0000000000000..6ba6ed4b9e985 --- /dev/null +++ b/test/jdk/sun/security/x509/Extensions/IssuingDistributionPointExtensionEncoding.java @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @summary Incorrect encoding of the DistributionPointName object + * in IssuingDistributionPointExtension + * @bug 8274330 + * @modules java.base/sun.security.x509 + */ + +import sun.security.x509.DistributionPointName; +import sun.security.x509.GeneralName; +import sun.security.x509.GeneralNames; +import sun.security.x509.IssuingDistributionPointExtension; +import sun.security.x509.URIName; + +public class IssuingDistributionPointExtensionEncoding { + public static void main(String [] args) throws Exception { + var names = new GeneralNames(); + names.add(new GeneralName(new URIName("http://here"))); + // write one + var ext = new IssuingDistributionPointExtension( + new DistributionPointName(names), + null, true, false, false, false); + // read it + new IssuingDistributionPointExtension(true, ext.getValue()); + } +}