4811968: ASN.1 (X509Certificate) implementations don't handle large OID components

Reviewed-by: xuelei

4811968: ASN.1 (X509Certificate) implementations don't handle large OID components
Reviewed-by: xuelei
d4ac959d · weijun · dcf31cd6 · d4ac959d · d4ac959d · d4ac959d
4 changed file
--- a/src/share/classes/sun/security/util/ObjectIdentifier.java
+++ b/src/share/classes/sun/security/util/ObjectIdentifier.java
--- a/test/sun/security/util/Oid/OidFormat.java
+++ b/test/sun/security/util/Oid/OidFormat.java
@@ -63,9 +63,22 @@ public class OidFormat {
            "1.2.3", "1.2.3445",
            "1.3.6.1.4.1.42.2.17",
            // 4811968: ASN.1 cannot handle huge OID components
-            //"2.16.764.1.3101555394.1.0.100.2.1",
-            //"1.2.2147483647.4",
-            //"1.2.268435456.4",
+            "2.16.764.1.3101555394.1.0.100.2.1",
+            "2.2726957624935694386592435",  // as huge as possible
+            "1.2.777777777777777777",
+            "1.2.888888888888888888.111111111111111.2222222222222.33333333333333333.44444444444444",
+            "1.2." +
+                "1111111111111111111111111111111111111111111111111111111111111." +
+                "2222222222222222222222222222222222222222222222222222222222222222." +
+                "333333333333333333333333333333333333333333333333333333333333333." +
+                "4444444444444444444444444444444444444444444444444444444." +
+                "55555555555555555555555555555555555555555555555555555555555555555555555." +
+                "666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666." +
+                "77777777777777777777777777777777777777777777777777777777777777777777777777." +
+                "8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888." +
+                "9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999",
+            "1.2.2147483647.4",
+            "1.2.268435456.4",
        };

        for (String s: goodOids) {

--- a/test/sun/security/util/Oid/S11N.sh
+++ b/test/sun/security/util/Oid/S11N.sh
+#
+# Copyright 2004-2005 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+# @test
+# @bug 4811968
+# @summary Serialization compatibility with old versions
+# @author Weijun Wang
+#
+# set a few environment variables so that the shell-script can run stand-alone
+# in the source directory
+
+if [ "${TESTSRC}" = "" ] ; then
+  TESTSRC="."
+fi
+if [ "${TESTCLASSES}" = "" ] ; then
+  TESTCLASSES="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+  echo "TESTJAVA not set.  Test cannot execute."
+  echo "FAILED!!!"
+  exit 1
+fi
+
+# set platform-dependent variables
+PF=""
+
+OS=`uname -s`
+case "$OS" in
+  SunOS )
+    FS="/"
+    ARCH=`isainfo`
+    case "$ARCH" in
+      sparc* )
+        PF="solaris-sparc"
+        ;;
+      i[3-6]86 )
+        PF="solaris-i586"
+        ;;
+      amd64* )
+        PF="solaris-amd64"
+        ;;
+      * )
+        echo "Unsupported System: Solaris ${ARCH}"
+        exit 0;
+        ;;
+    esac
+    ;;
+  Linux )
+    ARCH=`uname -m`
+    FS="/"
+    case "$ARCH" in
+      i[3-6]86 )
+        PF="linux-i586"
+        ;;
+      amd64* )
+        PF="linux-amd64"
+        ;;
+      * )
+        echo "Unsupported System: Linux ${ARCH}"
+        exit 0;
+        ;;
+    esac
+    ;;
+  Windows* )
+    FS="\\"
+    PF="windows-i586"
+
+    # 'uname -m' does not give us enough information -
+    #  should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk),
+    #  but JTREG does not pass this env variable when executing a shell script.
+    #
+    #  execute test program - rely on it to exit if platform unsupported
+
+    ;;
+  * )
+    echo "Unsupported System: ${OS}"
+    exit 0;
+    ;;
+esac
+
+# the test code
+
+${TESTJAVA}${FS}bin${FS}javac -source 1.3 -target 1.3 -d . ${TESTSRC}${FS}SerialTest.java || exit 10
+
+OLDJAVA="
+    /java/re/j2se/1.6.0/latest/binaries/${PF}
+    /java/re/j2se/1.5.0/latest/binaries/${PF}
+    /java/re/j2se/1.4.2/latest/binaries/${PF}
+"
+
+SMALL="
+    0.0
+    1.1
+    2.2
+    1.2.3456
+    1.2.2147483647.4
+    1.2.268435456.4
+"
+
+HUGE="
+    2.16.764.1.3101555394.1.0.100.2.1
+    1.2.2147483648.4
+    2.3.4444444444444444444444
+    1.2.888888888888888888.111111111111111.2222222222222.33333333333333333.44444444444444
+"
+
+for oid in ${SMALL}; do
+    echo ${oid}
+    # new ->
+    ${TESTJAVA}${FS}bin${FS}java SerialTest out ${oid} > tmp.oid.serial || exit 1
+    # -> new
+    ${TESTJAVA}${FS}bin${FS}java SerialTest in ${oid} < tmp.oid.serial || exit 2
+    for oldj in ${OLDJAVA}; do
+        if [ -d ${oldj} ]; then
+            echo ${oldj}
+            # -> old
+            ${oldj}${FS}bin${FS}java SerialTest in ${oid} < tmp.oid.serial || exit 3
+            # old ->
+            ${oldj}${FS}bin${FS}java SerialTest out ${oid} > tmp.oid.serial.old || exit 4
+            # -> new
+            ${TESTJAVA}${FS}bin${FS}java SerialTest in ${oid} < tmp.oid.serial.old || exit 5
+        fi
+    done
+done
+
+for oid in ${HUGE}; do
+    echo ${oid}
+    # new ->
+    ${TESTJAVA}${FS}bin${FS}java SerialTest out ${oid} > tmp.oid.serial || exit 1
+    # -> new
+    ${TESTJAVA}${FS}bin${FS}java SerialTest in ${oid} < tmp.oid.serial || exit 2
+    for oldj in ${OLDJAVA}; do
+        if [ -d ${oldj} ]; then
+            echo ${oldj}
+            # -> old
+            ${oldj}${FS}bin${FS}java SerialTest badin < tmp.oid.serial || exit 3
+        fi
+    done
+done
+
+rm -f tmp.oid.serial
+rm -f tmp.oid.serial.old
+rm -f SerialTest.class
+
+exit 0
--- a/test/sun/security/util/Oid/SerialTest.java
+++ b/test/sun/security/util/Oid/SerialTest.java
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * read S11.sh
+ */
+import java.io.*;
+import sun.security.util.*;
+
+/**
+ * Test OID serialization between versions
+ *
+ * java SerialTest out oid  // write a OID into System.out
+ * java SerialTest in oid   // read from System.in and compare it with oid
+ * java SerialTest badin    // make sure *cannot* read from System.in
+ */
+class SerialTest {
+    public static void main(String[] args) throws Exception {
+        if (args[0].equals("out"))
+            out(args[1]);
+        else if (args[0].equals("in"))
+            in(args[1]);
+        else
+            badin();
+    }
+
+    static void in(String oid) throws Exception {
+        ObjectIdentifier o = (ObjectIdentifier) (new ObjectInputStream(System.in).readObject());
+        if (!o.toString().equals(oid))
+            throw new Exception("Read Fail " + o + ", not " + oid);
+    }
+
+    static void badin() throws Exception {
+        boolean pass = true;
+        try {
+            new ObjectInputStream(System.in).readObject();
+        } catch (Exception e) {
+            pass = false;
+        }
+        if (pass) throw new Exception("Should fail but not");
+    }
+
+    static void out(String oid) throws Exception {
+        new ObjectOutputStream(System.out).writeObject(new ObjectIdentifier(oid));
+    }
+}