6535697: keytool can be more flexible on format of PEM-encoded X.509 certificates
Reviewed-by: vinnie
--- a/jdk/src/share/classes/sun/security/provider/X509Factory.java Fri Feb 20 10:53:39 2009 -0800
+++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java Mon Feb 23 10:03:36 2009 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -638,10 +638,15 @@
// First read all of the data that is found between
// the "-----BEGIN" and "-----END" boundaries into a buffer.
String temp;
- if ((temp=readLine(br))==null || !temp.startsWith("-----BEGIN")) {
- throw new IOException("Unsupported encoding");
- } else {
+ while (true) {
+ temp=readLine(br);
+ if (temp == null) {
+ throw new IOException("Unsupported encoding");
+ }
len += temp.length();
+ if (temp.startsWith("-----BEGIN")) {
+ break;
+ }
}
StringBuffer strBuf = new StringBuffer();
while ((temp=readLine(br))!=null && !temp.startsWith("-----END")) {
@@ -683,22 +688,11 @@
* Determines if input is binary or Base64 encoded.
*/
private boolean isBase64(InputStream is) throws IOException {
- if (is.available() >= 10) {
- is.mark(10);
+ if (is.available() >= 1) {
+ is.mark(1);
int c1 = is.read();
- int c2 = is.read();
- int c3 = is.read();
- int c4 = is.read();
- int c5 = is.read();
- int c6 = is.read();
- int c7 = is.read();
- int c8 = is.read();
- int c9 = is.read();
- int c10 = is.read();
is.reset();
- if (c1 == '-' && c2 == '-' && c3 == '-' && c4 == '-'
- && c5 == '-' && c6 == 'B' && c7 == 'E' && c8 == 'G'
- && c9 == 'I' && c10 == 'N') {
+ if (c1 != DerValue.tag_Sequence) {
return true;
} else {
return false;
--- a/jdk/test/java/security/cert/CertificateFactory/BadX509CertData.java Fri Feb 20 10:53:39 2009 -0800
+++ b/jdk/test/java/security/cert/CertificateFactory/BadX509CertData.java Mon Feb 23 10:03:36 2009 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@
InputStream is = new ByteArrayInputStream(data.getBytes("ISO8859_1"));
try {
Certificate cert = factory.generateCertificate(is);
- } catch (CertificateParsingException ce) {
+ } catch (CertificateException ce) {
return;
}
throw new Exception("CertificateFactory.generateCertificate() did "
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/cert/CertificateFactory/openssl/OpenSSLCert.java Mon Feb 23 10:03:36 2009 +0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6535697
+ * @summary keytool can be more flexible on format of PEM-encoded
+ * X.509 certificates
+ */
+
+import java.io.*;
+import java.util.Arrays;
+import java.security.cert.CertificateFactory;
+
+public class OpenSSLCert {
+ static final String OUTFILE = "6535697.test";
+
+ public static void main(String[] args) throws Exception {
+ test("open");
+ test("pem");
+ test("open", "open");
+ test("open", "pem");
+ test("pem", "pem");
+ test("pem", "open");
+ test("open", "pem", "open");
+ test("pem", "open", "pem");
+ }
+
+ static void test(String... files) throws Exception {
+ FileOutputStream fout = new FileOutputStream(OUTFILE);
+ for (String file: files) {
+ FileInputStream fin = new FileInputStream(
+ new File(System.getProperty("test.src", "."), file));
+ byte[] buffer = new byte[4096];
+ while (true) {
+ int len = fin.read(buffer);
+ if (len < 0) break;
+ fout.write(buffer, 0, len);
+ }
+ fin.close();
+ }
+ fout.close();
+ System.out.println("Testing " + Arrays.toString(files) + "...");
+ if (CertificateFactory.getInstance("X509")
+ .generateCertificates(new FileInputStream(OUTFILE))
+ .size() != files.length) {
+ throw new Exception("Not same number");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/cert/CertificateFactory/openssl/open Mon Feb 23 10:03:36 2009 +0800
@@ -0,0 +1,72 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1174535938 (0x4601ff02)
+ Signature Algorithm: dsaWithSHA1
+ Issuer: C=EA, ST=Moon, L=Backside, O=A-B-C, OU=Office, CN=Me
+ Validity
+ Not Before: Mar 22 03:58:58 2007 GMT
+ Not After : Jun 20 03:58:58 2007 GMT
+ Subject: C=EA, ST=Moon, L=Backside, O=A-B-C, OU=Office, CN=Me
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 00:c5:ce:e8:be:f0:de:27:9c:88:92:21:28:cf:a5:
+ 38:8d:c1:5f:e5:90:d2:0b:ea:d4:12:ca:86:b8:04:
+ 57:1d:41:74:3e:52:2d:87:b8:76:7b:d2:95:d7:67:
+ 30:76:35:47:fb:e9:86:bf:05:3f:9b:f2:6e:3a:96:
+ 9a:58:e1:05:44:78:02:31:ee:5f:67:6c:44:d2:95:
+ 8f:72:62:a4:3e:27:1c:f3:94:8a:1e:0b:98:4c:c0:
+ 9c:f4:3d:17:6d:36:e4:a0:12:04:01:e4:38:9e:bd:
+ 86:99:7b:84:43:9b:58:68:ef:ce:3d:85:e3:93:d1:
+ 1f:1a:18:a4:1e:59:ca:80:2e
+ P:
+ 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+ e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+ 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+ c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+ 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+ 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+ c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+ 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+ f2:22:03:19:9d:d1:48:01:c7
+ Q:
+ 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+ 84:0b:f0:58:1c:f5
+ G:
+ 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+ 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+ 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+ 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+ 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+ ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+ f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+ a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+ 25:64:01:4c:3b:fe:cf:49:2a
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ ED:BF:8A:CA:57:05:ED:5C:9A:72:65:69:6C:C1:02:F8:30:02:A4:6B
+ Signature Algorithm: dsaWithSHA1
+ 30:2d:02:15:00:85:38:a6:79:d4:70:c8:e1:d8:25:2f:87:f0:
+ 74:3d:26:59:4c:71:ef:02:14:15:32:10:1d:c0:d1:ce:18:f4:
+ 8b:ea:c0:8b:d7:da:ba:52:3a:0d:f7
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAtWgAwIBAgIERgH/AjALBgcqhkjOOAQDBQAwXTELMAkGA1UEBhMCRUEx
+DTALBgNVBAgTBE1vb24xETAPBgNVBAcTCEJhY2tzaWRlMQ4wDAYDVQQKEwVBLUIt
+QzEPMA0GA1UECxMGT2ZmaWNlMQswCQYDVQQDEwJNZTAeFw0wNzAzMjIwMzU4NTha
+Fw0wNzA2MjAwMzU4NThaMF0xCzAJBgNVBAYTAkVBMQ0wCwYDVQQIEwRNb29uMREw
+DwYDVQQHEwhCYWNrc2lkZTEOMAwGA1UEChMFQS1CLUMxDzANBgNVBAsTBk9mZmlj
+ZTELMAkGA1UEAxMCTWUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS
+30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
+HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU
+E1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKB
+gQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGA
+tEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoB
+JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEAxc7ovvDe
+J5yIkiEoz6U4jcFf5ZDSC+rUEsqGuARXHUF0PlIth7h2e9KV12cwdjVH++mGvwU/
+m/JuOpaaWOEFRHgCMe5fZ2xE0pWPcmKkPicc85SKHguYTMCc9D0XbTbkoBIEAeQ4
+nr2GmXuEQ5tYaO/OPYXjk9EfGhikHlnKgC6jITAfMB0GA1UdDgQWBBTtv4rKVwXt
+XJpyZWlswQL4MAKkazALBgcqhkjOOAQDBQADMAAwLQIVAIU4pnnUcMjh2CUvh/B0
+PSZZTHHvAhQVMhAdwNHOGPSL6sCL19q6UjoN9w==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/cert/CertificateFactory/openssl/pem Mon Feb 23 10:03:36 2009 +0800
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAtWgAwIBAgIERgH/AjALBgcqhkjOOAQDBQAwXTELMAkGA1UEBhMCRUExDTALBgNVBAgT
+BE1vb24xETAPBgNVBAcTCEJhY2tzaWRlMQ4wDAYDVQQKEwVBLUItQzEPMA0GA1UECxMGT2ZmaWNl
+MQswCQYDVQQDEwJNZTAeFw0wNzAzMjIwMzU4NThaFw0wNzA2MjAwMzU4NThaMF0xCzAJBgNVBAYT
+AkVBMQ0wCwYDVQQIEwRNb29uMREwDwYDVQQHEwhCYWNrc2lkZTEOMAwGA1UEChMFQS1CLUMxDzAN
+BgNVBAsTBk9mZmljZTELMAkGA1UEAxMCTWUwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11
+EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZg
+t2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/y
+IgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o6
+6oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA
+xc7ovvDeJ5yIkiEoz6U4jcFf5ZDSC+rUEsqGuARXHUF0PlIth7h2e9KV12cwdjVH++mGvwU/m/Ju
+OpaaWOEFRHgCMe5fZ2xE0pWPcmKkPicc85SKHguYTMCc9D0XbTbkoBIEAeQ4nr2GmXuEQ5tYaO/O
+PYXjk9EfGhikHlnKgC6jITAfMB0GA1UdDgQWBBTtv4rKVwXtXJpyZWlswQL4MAKkazALBgcqhkjO
+OAQDBQADMAAwLQIVAIU4pnnUcMjh2CUvh/B0PSZZTHHvAhQVMhAdwNHOGPSL6sCL19q6UjoN9w==
+-----END CERTIFICATE-----