[
https://issues.jboss.org/browse/ELY-1458?page=com.atlassian.jira.plugin.s...
]
Martin Choma edited comment on ELY-1458 at 12/4/17 4:50 AM:
------------------------------------------------------------
With debugging I can see the test is failing when searching for OID 1.3.6.1.5.5.7.1.1, which is
located in "Unparseable certificate extensions". [~fjuma], could you have a look
to see if this is a real issue?
{noformat}
[
[
Version: V3
Subject: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us
Signature Algorithm: SHA256withDSA, OID = 2.16.840.1.101.3.4.3.2
Key: IBMJCE DSA Public Key:
10389539464412903556924870926977456600328661145126110914220364993646327182827897057810681641838672622783970775653085652971888667064482151030822018565974084164812785937167067899265071806883189425808652614041346698609430428488623420867004775841831737139272403718817301879754589951077983369859385368318809992517855682694872534538862937538545227595881495646173926384613674206105836908073825850547714481997228126103022280543137613384164844604733917034425561783854025917174233571273088420726961501571798407502539168274663967684401560564643528658155154341567883345191932615679686743952146121930966280400203143164167037724051
Validity: [From: Mon Dec 04 10:42:29 CET 2017,
To: Sat Jan 01 00:59:59 CET 10000]
Issuer: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us
SerialNumber: [1965736310424294143]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.11 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 38 30 36 30 10 06 08 2b 06 01 05 05 07 30 03 .8060.........0.
0010: 87 04 0b 16 21 2c 30 22 06 08 2b 06 01 05 05 07 ......0.........
0020: 30 05 86 16 68 74 74 70 3a 2f 2f 61 6e 6f 74 68 0...http...anoth
0030: 65 72 2e 75 72 6c 2e 63 6f 6d                    er.url.com
[2]: ObjectId: 2.5.29.18 Criticality=false
IssuerAlternativeName [
[IPAddress: 10.20.30.40, URIName: http://some.url.com]]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4d cb ee b6 cf 01 78 b7 d3 5c 65 16 96 a2 3c 4b M.....x...e....K
0010: e8 d8 5f a0 ....
]
]
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtKeyUsage [
1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.8]
[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: bobsmith(a)example.com, DNSName: bobsmith.example.com]]
Unparseable certificate extensions: 1
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
0000: 30 3f 30 1c 06 08 2b 06 01 05 05 07 30 01 86 10 0.0.........0...
0010: 31 30 2e 32 30 2e 33 30 2e 34 30 3a 38 30 38 30 10.20.30.40.8080
0020: 30 1f 06 08 2b 06 01 05 05 07 30 02 82 13 69 73 0.........0...is
0030: 73 75 65 72 73 2e 65 78 61 6d 70 6c 65 2e 63 6f suers.example.co
0040: 6d m
]
Algorithm: [SHA256withDSA]
Signature:
0000: 30 45 02 21 00 a8 4a dc 8b 0e a3 bd 55 7f 78 2a 0E....J.....U.x.
0010: 4e 68 17 b7 72 34 7d d0 77 c6 31 1e 00 ea f0 23 Nh..r4..w.1.....
0020: 06 a9 54 dd 7d 02 20 1b 19 b9 ef 4b 73 42 8b 4c ..T........KsB.L
0030: d5 19 a7 1e 86 1c 44 60 24 2c dc b1 29 1a bc 89 ......D.........
0040: e9 92 01 b2 55 fd 90 ....U..
]
{noformat}
was (Author: mchoma):
With debugging I can see the test is failing when searching for OID 1.3.6.1.5.5.7.1.1, which is
located in Unparseable certificate extensions
SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK
--------------------------------------------------------------------------------------------------------------
Key: ELY-1458
URL: https://issues.jboss.org/browse/ELY-1458
Project: WildFly Elytron
Issue Type: Bug
Components: Certificate Authority
Affects Versions: 1.2.0.Beta10
Reporter: Martin Choma
With IBM java
{noformat}
java -version
java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr4fp6-20170518_02(SR4 FP6))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170516_348050 (JIT enabled, AOT enabled)
J9VM - R28_20170516_1905_B348050
JIT - tr.r14.java_20170516_348050
GC - R28_20170516_1905_B348050_CMPRSS
J9CL - 20170516_348050)
JCL - 20170516_01 based on Oracle jdk8u131-b11
{noformat}
run test
{noformat}
mvn test -Dtest=SelfSignedX509CertificateAndSigningKeyTest
[INFO] Running org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest
[ERROR] Tests run: 9, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 2.372 s <<< FAILURE! - in org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest
[ERROR] testSelfSignedCertificateWithStringExtensionValues(org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest) Time elapsed: 0.274 s <<< FAILURE!
java.lang.AssertionError
at org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues(SelfSignedX509CertificateAndSigningKeyTest.java:197)
{noformat}
This is the failing test line
{code:java|title=SelfSignedX509CertificateAndSigningKeyTest.java}
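// Look up the Authority Information Access extension (OID 1.3.6.1.5.5.7.1.1);
// the assertion below is the one that fails on IBM JDK.
byte[] authorityInfoAccessExtension =
        certificate.getExtensionValue(X500.OID_PE_AUTHORITY_INFO_ACCESS);
assertNotNull(authorityInfoAccessExtension);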
{code}
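
Added example, not part of the original ticket or of Elytron: a minimal DER walker in Python that decodes the bytes shown for OID 1.3.6.1.5.5.7.1.1 in the "Unparseable certificate extensions" dump into its AccessDescription entries. The helper names (read_tlv, decode_oid, parse_aia) are made up for this illustration, and the hex string is retyped from the dump.

```python
# Added example (not Elytron code); bytes retyped from the ticket's hex dump.
AIA_DER = bytes.fromhex(
    "30 3f 30 1c 06 08 2b 06 01 05 05 07 30 01 86 10"
    "31 30 2e 32 30 2e 33 30 2e 34 30 3a 38 30 38 30"
    "30 1f 06 08 2b 06 01 05 05 07 30 02 82 13 69 73"
    "73 75 65 72 73 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d")
METHODS = {"1.3.6.1.5.5.7.48.1": "ocsp", "1.3.6.1.5.5.7.48.2": "caIssuers"}
# GeneralName choices that carry an IA5String (context tags [1], [2], [6])
NAME_TAGS = {0x81: "rfc822Name", 0x82: "dNSName", 0x86: "uniformResourceIdentifier"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos), with bounds checks
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # base-128 content octets -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)  # first octet packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_aia(der):  # -> [(accessMethod, GeneralName type, value)]
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE OF AccessDescription")
    out, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)
        otag, oid, p = read_tlv(desc, 0)
        ntag, name, p = read_tlv(desc, p)
        if tag != 0x30 or otag != 0x06 or p != len(desc):
            raise ValueError("malformed AccessDescription")
        oid = decode_oid(oid)
        out.append((METHODS.get(oid, oid), NAME_TAGS.get(ntag, hex(ntag)),
                    name.decode("ascii", "replace")))
    return out
```

For the dumped bytes, parse_aia(AIA_DER) returns an ocsp entry whose uniformResourceIdentifier is "10.20.30.40:8080" and a caIssuers entry whose dNSName is "issuers.example.com".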