Fix NPEs in PKCS7 parsing introduced by last commit.
This fixes NPEs introduced by me in sun.security.pkcs.PKCS7 in commit
ddde3e18b22acdaecb883794f5c8e21f0b87bf2f. In that commit, the standard
PKCS #7 ContentInfo/SignedData parsing works fine, but the "old" and
"Netscape-style" scenarios became broken because I changed them to
use the original encoded form of certificates without requesting to
retain this form during parsing. This commit fixes the issue by
changing the "old" and "Netscape-style" parsing code to retain the
original encoded form of certificates.
Bug: 30148997
Change-Id: I63f5f9148325214e571fdf30382d671b6d3f2a63
diff --git a/ojluni/src/main/java/sun/security/pkcs/PKCS7.java b/ojluni/src/main/java/sun/security/pkcs/PKCS7.java
index 6b95214..5fb23ea 100755
--- a/ojluni/src/main/java/sun/security/pkcs/PKCS7.java
+++ b/ojluni/src/main/java/sun/security/pkcs/PKCS7.java
@@ -207,7 +207,7 @@
private void parseNetscapeCertChain(DerValue val)
throws ParsingException, IOException {
DerInputStream dis = new DerInputStream(val.toByteArray());
- DerValue[] contents = dis.getSequence(2);
+ DerValue[] contents = dis.getSequence(2, true);
certificates = new X509Certificate[contents.length];
CertificateFactory certfac = null;
@@ -409,7 +409,7 @@
} catch (CertificateException ce) {
// do nothing
}
- DerValue[] certVals = dis.getSet(2);
+ DerValue[] certVals = dis.getSet(2, false, true);
len = certVals.length;
certificates = new X509Certificate[len];
diff --git a/ojluni/src/main/java/sun/security/util/DerInputStream.java b/ojluni/src/main/java/sun/security/util/DerInputStream.java
index f815d68..8f51439 100755
--- a/ojluni/src/main/java/sun/security/util/DerInputStream.java
+++ b/ojluni/src/main/java/sun/security/util/DerInputStream.java
@@ -291,11 +291,28 @@
* (used to initialize an auto-growing data structure)
* @return array of the values in the sequence
*/
- public DerValue[] getSequence(int startLen) throws IOException {
+ public DerValue[] getSequence(int startLen,
+ boolean originalEncodedFormRetained) throws IOException {
tag = (byte)buffer.read();
if (tag != DerValue.tag_Sequence)
throw new IOException("Sequence tag error");
- return readVector(startLen);
+ return readVector(startLen, originalEncodedFormRetained);
+ }
+
+ /**
+ * Return a sequence of encoded entities. ASN.1 sequences are
+ * ordered, and they are often used, like a "struct" in C or C++,
+ * to group data values. They may have optional or context
+ * specific values.
+ *
+ * @param startLen guess about how long the sequence will be
+ * (used to initialize an auto-growing data structure)
+ * @return array of the values in the sequence
+ */
+ public DerValue[] getSequence(int startLen) throws IOException {
+ return getSequence(
+ startLen,
+ false); // no need to retain original encoded form
}
/**
