Hi team,
I am developing The Malformed Certificates tests, this test exist to
test JDK's SSL ability to withstand attack in the form of deliberately
1.3 million malformed ASN.1-encoded data.
Detail please refer test plan:
http://wiki.se.oracle.com/display/JPG/Malformed+Certificates+Test+Plan
The idea is to "attack" an JDK SSL/SMIME process by sending it
intentionally malformed certificates (or malformed SMIME messages), and
ensure that the process under attack does not:
* crash
* leak
* accept any of the bad certs or messages as if they were good
To do the Malformed Certificates tests with SSL certs, I should launch
two JVM, one as "JDK under test", the other as "attack JDK",
I want to use JDK8 as attack JDK, and this JDK should be modified to
allow use of invalid certificates, I have try to use following code to
generate invalid certificate:
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
public class X509CertificateLoad {
/**
* Load a X509 certificate from file.
*/
public static void main(String[] args) throws Exception {
FileInputStream fis = new FileInputStream(args[0]);
CertificateFactory cf = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate)
cf.generateCertificate(fis);
System.out.println("SUCCESS");
}
}
got following error:
X509Certificate cert = (X509Certificate)
cf.generateCertificate(fis);java.lang.NegativeArraySizeException
at
sun.security.util.DerInputStream.getUnalignedBitString(DerInputStream.java:238)
at sun.security.x509.X509Key.parse(X509Key.java:171)
at
sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
Can you give some suggestion about how to bypass this kind of check to
generator a certificate for invalid certificate? (I will use this
invalid to attack normal JDK).
Thanks
Kevin
