Hi Vinnie

Turns out it's not related to LDAP at all. Just a small coding error, already confirmed by customer. Please take a review:
http://cr.openjdk.java.net/~weijun/6923681/webrev.00

Bug is:

http://bugs.sun.com/view_bug.do?bug_id=6923681

No reg test. Trivial code update. Why hasn't Findbugs noticed it?

Thanks
Max

On Feb 9, 2010, at 5:32 PM, Vincent Ryan wrote:

> This is an interesting one Max. Our LDAP provider already supports LDAP server
> discovery (ldap:///). Do you have the offending certificates?
>
>
> On 09/02/2010 09:12, weijun.w...@sun.com wrote:
>>
>> *Change Request ID*: 6923681
>>
>> *Synopsis*: Jarsigner crashes during timestamping
>>
>> === *Description*
>> ============================================================
>> FULL PRODUCT VERSION :
>> java version "1.6.0_18"
>> Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
>> Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
>>
>> ADDITIONAL OS VERSION INFORMATION :
>> Microsoft Windows XP [Version 5.1.2600]
>>
>> A DESCRIPTION OF THE PROBLEM :
>> When timestamping a java-jar, the jarsigner crashes with a
>> NullPointerException.
>>
>> The issuing CA of the TSA-certificate has multiple revocation list
>> distribution points. Two of the distribution points start with ldap and do
>> not contain servernames
>>
>> URL=ldap:///CN=MY-CA,CN=AAAAAA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=ad,DC=oenb,DC=co,DC=at?certificateRevocationList?base?objectClass=cRLDistributionPoint.
>>
>> We assume that the absence of the servername is the reason for jarsigner to
>> crash with the null-pointer exception.
>>
>> This is the Windows default behaviour when creating certificates.
>>
>> STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
>> Create a Microsoft Windows CA, which has ldap distribution points but no
>> servernames listed.
>>
>> Issue a timestamping-certificate from this windows ca. Then try to timestamp
>> some jar with this server.
>>
>> EXPECTED VERSUS ACTUAL BEHAVIOR :
>> EXPECTED -
>> jarsigner should handle the revocation list distribution points correctly.
>> If at least one distribution point can be reached (like http://xxxx/xxx.crl),
>> the jar should be timestamped correctly.
>> ACTUAL -
>> jarsigner crashes.
>>
>> ERROR MESSAGES/STACK TRACES THAT OCCUR :
>> jarsigner error: java.lang.NullPointerException
>>
>> REPRODUCIBILITY :
>> This bug can be reproduced always.
>>
>> ---------- BEGIN SOURCE ----------
>> n/a, just timestamp an arbitrary jar using jarsigner
>> ---------- END SOURCE ----------
>>
>> CUSTOMER SUBMITTED WORKAROUND :
>> create an AD-CA that includes servernames in all revocation list
>> distribution points
>>
>> *** (#1 of 1): 2010-02-05 09:31:33 GMT+00:00 nelson.dco...@sun.com