Bug ID: 6813340 X509Factory should not depend on is.available()==0

Details
Type: Enhancement
Submit Date: 2009-03-05
Status: Resolved
Updated Date: 2010-11-04
Project Name: JDK
Resolved Date: 2010-04-14
Component: security-libs
OS: generic
Sub-Component: java.security
CPU: generic
Priority: P4
Resolution: Fixed
Affected Versions: 7
Fixed Versions: 7


Description
There are several places in X509Factory where reading from an InputStream depends on checking its available() result. When it's 0, the reading process is stopped. This means that for a slow input stream, the data might be incomplete. For example:

    keytool -certreq | keytool -gencert | keytool -importcert

Here, since the -gencert command is usually slower than -importcert, the -importcert command might see no data from the input stream and stop reading. Hence a failure.

X509Factory should use blocking reads here.


Comments
EVALUATION

Neither available() nor mark()/reset() is called now. The new impl simply reads bytes one by one, and determines if the input is DER or PEM, and skips the non-data part of PEM at either the beginning or the end.

Since slow streams are now supported, the buffering code in keytool for importing and printing has been removed. This can be confirmed by existing keytool tests, say, test/sun/security/tools/keytool/selfissued.sh, which contains calls like:

    $KT -alias me -certreq | $KT -alias ca -gencert | $KT -alias me -importcert

2010-03-25
EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/26477628f2d5
                                     
2010-03-25
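
The failure mode described in this report, next to a blocking read, as an added example (not code from the JDK changeset). `SlowStream`, `readWhileAvailable`, `readUntilEof` and `sniff` are hypothetical names, the PEM text is constructed sample data, and the first-byte DER check is an assumption of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class AvailableVsBlockingRead {
    // Constructed stand-in for a pipe whose writer is still busy: the data is
    // there eventually, but available() reports 0 (a legal answer; it is only
    // an estimate of what can be read without blocking).
    static class SlowStream extends FilterInputStream {
        SlowStream(byte[] data) { super(new ByteArrayInputStream(data)); }
        @Override public int available() { return 0; }
    }

    // The pattern the report describes: stop reading once available() is 0.
    static byte[] readWhileAvailable(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        while (in.available() > 0) out.write(in.read());
        return out.toByteArray();
    }

    // Blocking read: only read() returning -1 (end of stream) ends the loop.
    static byte[] readUntilEof(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int b; (b = in.read()) != -1; ) out.write(b);
        return out.toByteArray();
    }

    // Assumption for this example: a DER certificate starts with the SEQUENCE
    // tag 0x30; anything else that is non-empty is treated as PEM text.
    static String sniff(byte[] data) {
        if (data.length == 0) return "empty";
        return data[0] == 0x30 ? "DER" : "PEM";
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: PEM framing around placeholder base64, not a real certificate.
        byte[] pem = ("-----BEGIN CERTIFICATE-----\n"
                + "Q09OU1RSVUNURUQ=\n"
                + "-----END CERTIFICATE-----\n").getBytes(StandardCharsets.US_ASCII);
        byte[] gated = readWhileAvailable(new SlowStream(pem));
        byte[] blocking = readUntilEof(new SlowStream(pem));
        System.out.println("available()-gated: " + gated.length + " bytes, looks " + sniff(gated));
        System.out.println("blocking to EOF:   " + blocking.length + " bytes, looks " + sniff(blocking));
    }
}
```

The gated reader returns zero bytes from the same stream that the blocking reader consumes in full, which is why the last stage of the keytool pipeline could see no certificate at all.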


