Online Certificate Status Protocol ( OCSP ) Verifycation Fails . java.lang.StringIndexOutOfBoundsException: String index out of range: -1 (Doc ID 1924358.1)

Last updated on JUNE 26, 2017

Applies to:

Oracle Security Developer Tools - Version 11.1.1.6.0 and later
Information in this document applies to any platform.
***Checked for relevance on 26-JUN-2017***

Symptoms

OCSP Verify Signature call fails

Upgrading java code that checks certificates via OCSP; changed code to use 11g OSDT libraries and switched required classes from oracle types to standard java as required. Now code fails on the OCSP verify signature call.
Receive a SUCCESS message from EVA on certificate check but when trying to verify the signature on the OCSP response, we find the following error in the WebLogic log file:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
        at java.lang.String.substring(String.java:1937)
        at oracle.security.crypto.ocsp.OCSPUtils.formatX500Name(OCSPUtils.java:139)
        at oracle.security.crypto.ocsp.BasicOCSPResponse.tbsResponse(BasicOCSPResponse.java:615)
        at oracle.security.crypto.ocsp.BasicOCSPResponse.verifySignature(BasicOCSPResponse.java:453)...

Using:
 oracle.osdt_11.1.1/osdt_core.jar, oracle.osdt_11.1.1/osdt_cert.jar, oracle.osdt_11.1.1/osdt_ocsp.jar in the common_modules directory of the WebLogic install.

Server certificate for EVA is in trustStore and SSL handshake succeeds. 

JSSE SSL enabled.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms