From 0d3ac4a09ce14deeb5ae2dd37d3f2fe90b05c6f0 Mon Sep 17 00:00:00 2001 From: weijun Date: Thu, 11 Apr 2013 11:10:03 +0800 Subject: [PATCH] 8011745: Unknown CertificateChoices Reviewed-by: vinnie --- .../classes/sun/security/pkcs/PKCS7.java | 31 +++++++++++++------ 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/src/share/classes/sun/security/pkcs/PKCS7.java b/src/share/classes/sun/security/pkcs/PKCS7.java index fa67e29e7..8c3c94737 100644 --- a/src/share/classes/sun/security/pkcs/PKCS7.java +++ b/src/share/classes/sun/security/pkcs/PKCS7.java @@ -161,7 +161,8 @@ public class PKCS7 { } catch (IOException ioe1) { ParsingException pe = new ParsingException( ioe1.getMessage()); - pe.initCause(ioe1); + pe.initCause(ioe); + pe.addSuppressed(ioe1); throw pe; } } @@ -310,19 +311,26 @@ public class PKCS7 { len = certVals.length; certificates = new X509Certificate[len]; + int count = 0; for (int i = 0; i < len; i++) { ByteArrayInputStream bais = null; try { - if (certfac == null) - certificates[i] = new X509CertImpl(certVals[i]); - else { - byte[] encoded = certVals[i].toByteArray(); - bais = new ByteArrayInputStream(encoded); - certificates[i] = - (X509Certificate)certfac.generateCertificate(bais); - bais.close(); - bais = null; + byte tag = certVals[i].getTag(); + // We only parse the normal certificate. Other types of + // CertificateChoices ignored. + if (tag == DerValue.tag_Sequence) { + if (certfac == null) { + certificates[count] = new X509CertImpl(certVals[i]); + } else { + byte[] encoded = certVals[i].toByteArray(); + bais = new ByteArrayInputStream(encoded); + certificates[count] = + (X509Certificate)certfac.generateCertificate(bais); + bais.close(); + bais = null; + } + count++; } } catch (CertificateException ce) { ParsingException pe = new ParsingException(ce.getMessage()); @@ -337,6 +345,9 @@ public class PKCS7 { bais.close(); } } + if (count != len) { + certificates = Arrays.copyOf(certificates, count); + } } // check if crls (implicit tag) are provided (crls are OPTIONAL) -- GitLab