added correct handling for CRL files with no data

timzhang926 · May 9, 2017 · a0fa0f7 · a0fa0f7
1 parent 05b83be
commit a0fa0f7
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
@@ -135,6 +135,11 @@ private CRL readDERCRL(
     private CRL getCRL(ASN1Sequence seq)
         throws CRLException
     {
+        if (seq == null)
+        {
+            return null;
+        }
+
         if (seq.size() > 1
                 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
         {

diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/CertTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/CertTest.java
@@ -1781,6 +1781,17 @@ private void pemFileTest()
         isTrue("collection not empty", certs2.isEmpty());
     }
 
+    private void invalidCRLs()
+        throws Exception
+    {
+        CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
+
+        Collection crls = certFact.generateCRLs(this.getClass().getResourceAsStream("cert_chain.txt"));
+        isTrue("multi crl", crls.isEmpty());
+        CRL crl = certFact.generateCRL(this.getClass().getResourceAsStream("cert_chain.txt"));
+        isTrue("single crl", crl == null);
+    }
+
     private void pemFileTestWithNl()
         throws Exception
     {
@@ -1868,7 +1879,9 @@ public void performTest()
         pemFileTestWithNl();
         pkcs7Test();
         rfc4491Test();
-
+
+        invalidCRLs();
+
         testForgedSignature();
 
         checkCertificate(18, emptyDNCert);