changeset 5870:e17bc65c4784

8011745: Unknown CertificateChoices Reviewed-by: vinnie
author weijun
date Thu, 11 Apr 2013 11:10:03 +0800
parents fe4ada6c96c7
children b5494c58ca19
files src/share/classes/sun/security/pkcs/PKCS7.java
diffstat 1 files changed, 21 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/pkcs/PKCS7.java	Mon Apr 15 08:37:16 2013 -0700
+++ b/src/share/classes/sun/security/pkcs/PKCS7.java	Thu Apr 11 11:10:03 2013 +0800
@@ -133,7 +133,8 @@
             } catch (IOException ioe1) {
                 ParsingException pe = new ParsingException(
                     ioe1.getMessage());
-                pe.initCause(ioe1);
+                pe.initCause(ioe);
+                pe.addSuppressed(ioe1);
                 throw pe;
             }
         }
@@ -281,19 +282,26 @@
 
             len = certVals.length;
             certificates = new X509Certificate[len];
+            int count = 0;
 
             for (int i = 0; i < len; i++) {
                 ByteArrayInputStream bais = null;
                 try {
-                    if (certfac == null)
-                        certificates[i] = new X509CertImpl(certVals[i]);
-                    else {
-                        byte[] encoded = certVals[i].toByteArray();
-                        bais = new ByteArrayInputStream(encoded);
-                        certificates[i] =
-                            (X509Certificate)certfac.generateCertificate(bais);
-                        bais.close();
-                        bais = null;
+                    byte tag = certVals[i].getTag();
+                    // We only parse the normal certificate. Other types of
+                    // CertificateChoices ignored.
+                    if (tag == DerValue.tag_Sequence) {
+                        if (certfac == null) {
+                            certificates[count] = new X509CertImpl(certVals[i]);
+                        } else {
+                            byte[] encoded = certVals[i].toByteArray();
+                            bais = new ByteArrayInputStream(encoded);
+                            certificates[count] =
+                                (X509Certificate)certfac.generateCertificate(bais);
+                            bais.close();
+                            bais = null;
+                        }
+                        count++;
                     }
                 } catch (CertificateException ce) {
                     ParsingException pe = new ParsingException(ce.getMessage());
@@ -308,6 +316,9 @@
                         bais.close();
                 }
             }
+            if (count != len) {
+                certificates = Arrays.copyOf(certificates, count);
+            }
         }
 
         // check if crls (implicit tag) are provided (crls are OPTIONAL)